PHP-Nuke Multiple Path Disclosure Vulnerabilities

Published: 2002-12-16
Updated: 2002-12-16
Severity: Medium
Threat: Server information disclosure
Error type: Design error
Exploitation: Server mode
BUGTRAQ ID: 6406

Affected systems:
Francisco Burzi PHP-Nuke 6.0

Detailed description:

A path disclosure vulnerability exists in PHP-Nuke when a PHP script that is not meant to be accessed directly is requested. Exploiting it can disclose sensitive file system information about the server.

Most PHP-Nuke files are included through modules.php or index.php. To prevent direct access, PHP-Nuke uses two kinds of guard. The first (e.g. in modules/Downloads/index.php) is:

---------------------------------------------------
if (!eregi("modules.php", $PHP_SELF)) {
    die ("You can't access this file directly...");
}
---------------------------------------------------

The other (e.g. footer.php) is:

------------------------------------
if (eregi("footer.php",$PHP_SELF)) {
    Header("Location: index.php");
    die();
}
------------------------------------

Some files lack these guards and are therefore vulnerable. They include:

Path Disclosure :

http://[target]/modules/Downloads/voteinclude.php
http://[target]/modules/Your_Account/navbar.php
http://[target]/modules/Forums/attachment.php
http://[target]/modules/Forums/auth.php
http://[target]/modules/News/comments.php
http://[target]/modules/Private_Messages/functions.php
http://[target]/modules/Private_Messages/index.php
http://[target]/modules/Private_Messages/read.php
http://[target]/modules/Private_Messages/reply.php
http://[target]/modules/Web_Links/voteinclude.php
http://[target]/modules/WebMail/contactbook.php?user=1

Path Disclosure & Cross Site Scripting :

- http://[target]/modules/Forums/bb_smilies.php?name=[SCRIPT]
  or http://[target]/modules/Forums/bb_smilies.php?Default_Theme=[SCRIPT]
  or http://[target]/modules/Forums/bb_smilies.php?site_font=}--></style>[SCRIPT]
  or http://[target]/modules/Forums/bb_smilies.php?bgcolor1=">[SCRIPT]
  or with : $sitename $table_width $color1 $forumver
- /modules/Forums/bbcode_ref.php
  with : $name $Default_Theme $site_font $sitename $bgcolor2 $textcolor1 $bgcolor1 $forumver
- /modules/Forums/editpost.php, /modules/Forums/newtopic.php, /modules/Forums/reply.php, /modules/Forums/topicadmin.php, /modules/Forums/viewforum.php
  with : $name
- /modules/Forums/searchbb.php
  with : $name $bgcolor3 $bgcolor1
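An administrator can check an installed tree for scripts that lack either guard quoted above. The following audit script is an added example, not code from the advisory, PHP-Nuke, or the phpsecure.org patch. It assumes a guard only counts if it appears in the first `HEAD_BYTES` of a file and that the top-level `modules.php` and `index.php` are the intended entry points; the sample tree is constructed for the demonstration.

```python
import re
import tempfile
from pathlib import Path

# Matches both guard styles quoted in the advisory:
#   if (!eregi("modules.php", $PHP_SELF)) { die (...); }
#   if (eregi("footer.php",$PHP_SELF)) { Header("Location: index.php"); die(); }
GUARD = re.compile(r'eregi\s*\(\s*["\'][\w.]+["\']\s*,\s*\$PHP_SELF\s*\)', re.I)
HEAD_BYTES = 2048  # assumption: a guard only helps if it sits at the top of the file
ENTRY_POINTS = {"modules.php", "index.php"}  # top-level scripts meant to be requested

def has_guard(path: Path) -> bool:
    """True if either guard pattern appears in the first HEAD_BYTES of the file."""
    head = path.read_bytes()[:HEAD_BYTES].decode("latin-1")
    return GUARD.search(head) is not None

def find_unguarded(root: Path) -> list:
    """List PHP files under root (relative paths) that lack a direct-access guard."""
    missing = []
    for path in root.rglob("*.php"):
        if path.parent == root and path.name in ENTRY_POINTS:
            continue  # entry points are supposed to be reachable directly
        if not has_guard(path):
            missing.append(path.relative_to(root).as_posix())
    return sorted(missing)

# Constructed sample tree: file bodies are placeholders, not PHP-Nuke source.
SAMPLE = {
    "index.php": "<?php\n// entry point\n",
    "footer.php": '<?php\nif (eregi("footer.php",$PHP_SELF)) {\n'
                  '    Header("Location: index.php");\n    die();\n}\n',
    "modules/Downloads/index.php": '<?php\nif (!eregi("modules.php", $PHP_SELF)) {\n'
                                   '    die ("You can\'t access this file directly...");\n}\n',
    "modules/Downloads/voteinclude.php": "<?php\n// no guard\n",
    "modules/Forums/auth.php": "<?php\n// no guard\n",
}

def demo() -> list:
    """Write the constructed tree to a temp directory and audit it."""
    with tempfile.TemporaryDirectory() as tmp:
        root = Path(tmp)
        for rel, body in SAMPLE.items():
            target = root / rel
            target.parent.mkdir(parents=True, exist_ok=True)
            target.write_text(body)
        return find_unguarded(root)

if __name__ == "__main__":
    for rel in demo():
        print("no direct-access guard:", rel)
```

A file reported here is a candidate for review, and a file that passes is not proven safe: the check is a text match on the guard pattern only.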
Test code:
See the description.

Solution:
http://www.phpsecure.org provides an unofficial patch.

Related information:

Related links:
PHP-Nuke 6.0 : Path Disclosure & Cross Site Scripting
http://online.securityfocus.com/archive/1/303536
PHP-Nuke Product Page
http://www.ncc.org.ve/php-nuke.php3?op=english