
News Script PHP v1.2: Multiple Flaws and Fixes

Title:
======
News Script PHP v1.2 - Multiple Web Vulnerabilities

Affected system: 7.5

Introduction:
=============
Visitors to your website will be able to read news, articles, interviews and stories which you have posted.
(For details see: http://www.newsscriptphp.com)

Abstract:
=========
Multiple vulnerabilities were discovered in the News Script PHP v1.2 CMS.

Technical analysis:
===================
1.1
Multiple SQL injection vulnerabilities are detected in the News Script PHP 1.2 Content Management System. The vulnerability allows a remote attacker or a local low-privileged user account to inject and execute their own SQL commands on the affected application DBMS without user interaction. Successful exploitation of the vulnerability results in DBMS & application compromise. The vulnerabilities are located in the admin.php & preview.php files and the bound values such as orderBy & id.

Vulnerable File(s):
            [+] preview.php
            [+] admin.php

Vulnerable Parameter(s):
            [+] id
            [+] orderBy

1.2
Multiple non-persistent cross-site scripting vulnerabilities are detected in the News Script PHP 1.2 Content Management System. The vulnerability allows remote attackers to hijack website customer, moderator or admin sessions with high required user interaction or a local low-privileged user account. Successful exploitation can result in account theft, phishing & client-side content request manipulation. The vulnerabilities are located in the preview.php and admin.php files and the bound values such as search, ordertype, orderby & act.

Vulnerable File(s):
            [+] preview.php
            [+] admin.php

Vulnerable Parameter(s):
            [+] search
            [+] orderType
            [+] orderBy
            [+] act

Proof of concept:
=================
1.1
The SQL injection vulnerabilities can be exploited without required user interaction, with a privileged user account. For demonstration or reproduce ...

PoC:
http://127.0.0.1:1338/news/preview.php?id=[SQL-INJECTION]
http://www.2cto.com /news/preview.php?p=[SQL-INJECTION]
http://127.0.0.1:1338/news/admin.php?act=news&orderType=[ASC/DESC]&search=&orderBy=[SQL-INJECTION]

1.2
The non-persistent input validation vulnerabilities can be exploited by remote attackers with medium or high required user interaction & without a privileged user account. For demonstration or reproduce ...

PoC:
http://127.0.0.1:1338/news/preview.php?id=`14&p=`&search=[CROSS SITE SCRIPTING]
http://127.0.0.1:1338/news/admin.php?act=news&orderType=`[CROSS SITE SCRIPTING]
http://www.2cto.com /news/admin.php?act=news&orderType=[CROSS SITE SCRIPTING]]&search=&orderBy=[CROSS SITE SCRIPTING]
http://127.0.0.1:1338/news/preview.php?act=news&orderType=[CROSS SITE SCRIPTING]

Risk:
=====
1.1
The security risk of the SQL injection vulnerabilities is estimated as hard.

1.2
The security risk of the input validation vulnerabilities is estimated as low(+).

VULNERABILITY RESEARCH LABORATORY TEAM
Website: www.vulnerability-lab.com
Mail: research@vulnerability-lab.com
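As an added example (not part of the advisory and not News Script PHP's own code), the following PHP shows one way to handle the id, orderBy, orderType and search parameters named above: integer validation, prepared statements, allowlisted sort values and output encoding. The news table, its columns and the function names are assumptions made for illustration.

```php
<?php
declare(strict_types=1);
// Added example. Table and column names are assumptions, not News Script PHP's schema.
const SORT_COLUMNS = ['id', 'title', 'created'];

function fetchNewsItem(PDO $db, array $query): ?array
{
    // id must be a positive integer; anything else never reaches the database.
    $id = filter_var($query['id'] ?? null, FILTER_VALIDATE_INT, ['options' => ['min_range' => 1]]);
    if ($id === false) {
        return null;
    }
    $stmt = $db->prepare('SELECT id, title, body FROM news WHERE id = :id');
    $stmt->execute([':id' => $id]);
    return $stmt->fetch(PDO::FETCH_ASSOC) ?: null;
}

function listNews(PDO $db, array $query): array
{
    // Column names and sort direction cannot be bound as parameters, so
    // orderBy and orderType are mapped onto fixed allowlists with safe defaults.
    $col = $query['orderBy'] ?? 'id';
    $orderBy = in_array($col, SORT_COLUMNS, true) ? $col : 'id';
    $dir = $query['orderType'] ?? 'ASC';
    $orderType = (is_string($dir) && strtoupper($dir) === 'DESC') ? 'DESC' : 'ASC';
    $search = is_string($query['search'] ?? null) ? $query['search'] : '';

    $stmt = $db->prepare("SELECT id, title FROM news WHERE title LIKE :q ORDER BY $orderBy $orderType");
    $stmt->execute([':q' => '%' . $search . '%']);
    return $stmt->fetchAll(PDO::FETCH_ASSOC);
}

function e(string $value): string
{
    // Encode when echoing request values back so they render as text, not markup.
    return htmlspecialchars($value, ENT_QUOTES | ENT_SUBSTITUTE, 'UTF-8');
}

// Constructed sample data in an in-memory SQLite database.
$db = new PDO('sqlite::memory:');
$db->setAttribute(PDO::ATTR_ERRMODE, PDO::ERRMODE_EXCEPTION);
$db->exec('CREATE TABLE news (id INTEGER PRIMARY KEY, title TEXT, body TEXT, created TEXT)');
$db->exec("INSERT INTO news (title, body, created) VALUES ('First', 'a', '2012-01-01'), ('Second', 'b', '2012-02-01')");

var_dump(fetchNewsItem($db, ['id' => '14 trailing text']));   // non-integer id: no query runs
$rows = listNews($db, ['orderBy' => 'not_a_column', 'orderType' => 'desc', 'search' => 'd']);
echo count($rows), ' row(s), first: ', e($rows[0]['title']), "\n";
echo e('<b>"search" value</b>'), "\n";
```

The demo needs the pdo_sqlite extension; against a real deployment the same functions take the application's own PDO connection and `$_GET`.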
