Mantis account update SQL injection vulnerability

Published: 2002-08-28
Updated: 2002-08-28
Severity: Medium
Threat level: Control of the application system
Bug type: Input validation error
Exploitation method: Server mode
BUGTRAQ ID: 5510

Affected systems
Mantis Mantis 0.15.3

Detailed description
Mantis is a web-based bug tracking program. By inserting SQL commands into the username or account field, the Mantis user table can be altered. By manipulating the 'account_update.php' script, a user may obtain Mantis administrator privileges.

Test code
Set the EMAIL field to: user@server', access_level=90, email='
Passed through the 'account_update.php' script, the SQL statement is changed to:
UPDATE mantis_user_table SET username='someusername', email='user@server', access_level=90, email='' WHERE id='$f_id'
whereas originally it was:
UPDATE mantis_user_table SET username='$f_username', email='$f_email' WHERE id='$f_id'
With the level now set to access_level=90, the account holds administrator privileges.

Solution
Insert the following code into account_update.php:
$f_username = addslashes($f_username);
$f_email = addslashes($f_email);

Upgrade downloads:
Each of the following versions should be upgraded to Mantis 0.17.4a, available at http://sourceforge.net/project/showfiles.php?group_id=14963
Mantis Mantis 0.15.3
Mantis Mantis 0.15.4
Mantis Mantis 0.15.5
Mantis Mantis 0.15.6
Mantis Mantis 0.15.7
Mantis Mantis 0.15.8
Mantis Mantis 0.15.9
Mantis Mantis 0.15.10
Mantis Mantis 0.15.11
Mantis Mantis 0.15.12
Mantis Mantis 0.16.0
Mantis Mantis 0.16.1
Mantis Mantis 0.17.0
Mantis Mantis 0.17.1
Mantis Mantis 0.17.2

Related information
Reference: Jeroen Latour <jlatour@calaquendi.net>
Related page: http://online.securityfocus.com/archive/1/288103
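The query rewrite described above and its fix, as an added Python/sqlite3 model (not the page's PHP and not Mantis code): it replays the advisory's email value against a string-built UPDATE and against a parameterized one. The table, the sample row and the user id are constructed, and the parameterized form stands in for the advisory's addslashes() escaping, which is MySQL-specific.

```python
import sqlite3

# Constructed sample input: the email value the advisory describes.
PAYLOAD = "user@server', access_level=90, email='"


def make_db():
    """Build an in-memory stand-in for mantis_user_table with one ordinary user
    (constructed sample data, not a real Mantis schema)."""
    con = sqlite3.connect(":memory:")
    con.execute("CREATE TABLE mantis_user_table "
                "(id INTEGER PRIMARY KEY, username TEXT, email TEXT, access_level INTEGER)")
    con.execute("INSERT INTO mantis_user_table VALUES (1, 'someusername', 'old@server', 10)")
    return con


def update_vulnerable(con, f_id, f_username, f_email):
    """Mirrors the pre-fix account_update.php query: user input is pasted straight
    into the SQL text, so a quote in f_email ends the string and adds assignments."""
    sql = (f"UPDATE mantis_user_table SET username='{f_username}', "
           f"email='{f_email}' WHERE id='{f_id}'")
    con.execute(sql)
    return sql


def update_fixed(con, f_id, f_username, f_email):
    """Hardened form: bound parameters, so f_email is stored as data and is never
    parsed as SQL, whatever quotes it contains."""
    sql = "UPDATE mantis_user_table SET username=?, email=? WHERE id=?"
    con.execute(sql, (f_username, f_email, f_id))
    return sql


def state_after(update_fn, f_email):
    """Run one update on a fresh table and return (access_level, email) for user 1."""
    con = make_db()
    update_fn(con, 1, "someusername", f_email)
    row = con.execute(
        "SELECT access_level, email FROM mantis_user_table WHERE id=1").fetchone()
    con.close()
    return row


if __name__ == "__main__":
    print("vulnerable:", state_after(update_vulnerable, PAYLOAD))  # (90, '')
    print("fixed:     ", state_after(update_fixed, PAYLOAD))       # (10, PAYLOAD)
```

In the vulnerable path the second email= assignment wins and access_level is silently raised; in the fixed path the whole value lands in the email column and access_level is untouched, which is the regression check to keep after applying the patch.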