LS simple guestbook - arbitrary code execution

Board: Bugtraq
Time: 2007/04/17 01:40
########################################################
# Special Greetings To - Timq,Warpboy,The-Maggot       #
########################################################

File: index.php
Affects: LS simple guestbook (v1)
Date: 15th April 2007

Issue Description:
===========================================================================
LS simple guestbook fails to sanitize user input that it writes to the
posts.txt file when the user leaves a message. This file is then included,
causing any PHP code within it to be run.
===========================================================================

Scope:
===========================================================================
An attacker can inject arbitrary PHP code and potentially execute commands
on the system.
===========================================================================

Recommendation:
===========================================================================
Add the following line of code in index.php:

    $message = strip_tags($message);

just above:

    if ($message != "") {$file = fopen("$dataf","a");
===========================================================================

Example:

    name = Test
    message = <?php phpinfo(); ?>

Discovered By: Gammarays
Article ID (AID): #168xK700 (Bugtraq)
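The advisory's fix filters the message on input; the root cause it describes is that a file holding user data is included as code. One way to remove that cause, as an added example that is not code from the advisory or from LS simple guestbook: store posts as inert data, read them back without include, and HTML-encode on output. The function names, the base64 tab-separated record layout and the temp file are assumptions.

```php
<?php
// Added example: not LS simple guestbook's code. Function names, the record
// layout (base64 fields, tab-separated) and the temp file are assumptions.

// Append one post as a line of inert data. Base64 output cannot contain a
// PHP open tag or HTML markup, so the file stays harmless even if some
// other script include()s it.
function store_post(string $dataFile, string $name, string $message): bool
{
    if (trim($message) === '') {
        return false;                       // nothing to store
    }
    $line = base64_encode($name) . "\t" . base64_encode($message) . "\n";
    return file_put_contents($dataFile, $line, FILE_APPEND | LOCK_EX) !== false;
}

// Read the file as data (no include/require) and HTML-encode on output.
function render_posts(string $dataFile): string
{
    $flags = ENT_QUOTES | ENT_SUBSTITUTE;
    $html  = '';
    $lines = is_readable($dataFile)
        ? file($dataFile, FILE_IGNORE_NEW_LINES | FILE_SKIP_EMPTY_LINES)
        : [];
    foreach ($lines ?: [] as $line) {
        $fields = explode("\t", $line);
        if (count($fields) !== 2) {
            continue;                       // malformed record, skip
        }
        $name = base64_decode($fields[0], true);
        $msg  = base64_decode($fields[1], true);
        if ($name === false || $msg === false) {
            continue;                       // not valid base64, skip
        }
        $html .= '<p><b>' . htmlspecialchars($name, $flags, 'UTF-8') . '</b>: '
               . nl2br(htmlspecialchars($msg, $flags, 'UTF-8')) . "</p>\n";
    }
    return $html;
}

// Constructed sample input: the name/message pair from the advisory's example.
$file = tempnam(sys_get_temp_dir(), 'gb_');
store_post($file, 'Test', '<?php phpinfo(); ?>');
echo render_posts($file);                   // markup is shown as text, not run
unlink($file);
```

The example encodes every field it writes, so the outcome does not depend on which form fields are filtered on input.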