网站地图    收藏   

主页 > 后端 > 网站安全 >

News Script PHP v1.2多重缺陷及修复 - 网站安全 - 自学

来源:自学PHP网    时间:2015-04-17 14:11 作者: 阅读:

[导读] 标题:News Script PHP v1.2 - Multiple Web Vulnerabilites影响系统7.5介绍:=============Visitors to your website will be able to read news, articles, interviews and stories which......

标题:News Script PHP v1.2 - Multiple Web Vulnerabilites
影响系统
7.5
 
介绍:
=============
Visitors to your website will be able to read news, articles, interviews and stories which you have posted
具体介绍可以看这里:http://www.newsscriptphp.com )
 
 
摘要:
=========
News Script PHP v1.2 CMS被发现多个漏洞
技术分析:
========
1.1
Multiple SQL Injection vulnerabilities  are detected in the News Script PHP 1.2 Content Management System.
The vulnerability allows an attacker (remote) or local low privileged user account to inject/execute own
sql commands on the affected application dbms without user inter action. Successful exploitation of the
vulnerability results in dbms & application compromise. The vulnerabilities are located in admin.php &
preview.php file and bound values like orderBy & id.
 
Vulnerable File(s):
            [+] preview.php
            [+] admin.php
 
Vulnerable Parameter(s):
            [+] id
            [+] orderBy
 
 
1.2
Multiple non persistent cross site scripting vulnerabilities are detected in the News Script PHP 1.2 Content Management System.
The vulnerability allows remote attackers to hijack website customer, moderator or admin sessions with high required
user inter action or local low privileged user account. Successful exploitation can result in account steal, phishing
& client-side content request manipulation. The vulnerabilities are located in the preview.php and admin.php files and the
bound values like search, ordertype, orderby & act.
 
Vulnerable File(s):
            [+] preview.php
            [+] admin.php
 
Vulnerable Parameter(s):
            [+] search
            [+] orderType
            [+] orderBy
            [+] act
 
 
测试证明:
=================
1.1
The sql injection vulnerabilities can be exploited without required user inter action with privileged user account.
For demonstration or reproduce ...
 
PoC:
http://127.0.0.1:1338/news/preview.php?id=[SQL-INJECTION]
http://www.2cto.com /news/preview.php?p=[SQL-INJECTION]
http://127.0.0.1:1338/news/admin.php?act=news&orderType=[ASC/DESC]&search=&orderBy=[SQL-INJECTION]
 
 
1.2
The non persistent input validation vulnerabilities can be exploited by remote attackers with medium or high required
user inter action & without privileged user account. For demonstration or reproduce ...
 
PoC:
http://127.0.0.1:1338/news/preview.php?id=`14&p=`&search=[CROSS SITE SCRIPTING]
http://127.0.0.1:1338/news/admin.php?act=news&orderType=`[CROSS SITE SCRIPTING]
http://www.2cto.com /news/admin.php?act=news&orderType=[CROSS SITE SCRIPTING]]&search=&orderBy=[CROSS SITE SCRIPTING]
http://127.0.0.1:1338/news/preview.php?act=news&orderType=[CROSS SITE SCRIPTING]
 
 
Risk:
=====
1.1
The security risk of the sql injection vulnerabilities are estimated as hard
 
1.2
The security risk of the input validation vulnerabilities are estiamted as low(+)
 
VULNERABILITY RESEARCH LABORATORY TEAM
Website: www.vulnerability-lab.com
Mail: research@vulnerability-lab.com

自学PHP网专注网站建设学习,PHP程序学习,平面设计学习,以及操作系统学习

京ICP备14009008号-1@版权所有www.zixuephp.com

网站声明:本站所有视频,教程都由网友上传,站长收集和分享给大家学习使用,如由牵扯版权问题请联系站长邮箱904561283@qq.com

添加评论