Status2k Multiple Cross-Site Scripting Vulnerabilities (CVE(2)

    // In our example we're opening $filename in append mode.
    // The file pointer is at the bottom of the file hence
    // that's where $somecontent will go when we fwrite() it.
    if (!$handle = fopen("../../templates/".$config['templaten']."/".$filename, 'w')) {
        echo "Cannot open file (../../templates/".$config['templaten']."/".$filename.")";
        exit;
    }

    // Write $somecontent to our opened file.
    if (fwrite($handle, $value) === FALSE) {
        echo "Cannot write to file (../../templates/".$config['templaten']."/".$filename.")";
        exit;
    } else {
        echo "Success, $filename updated!";
    }

Once again, a complete lack of sanitization.

Use CVE-2014-5092.
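
A hardened form of the template write shown above, as an added example (not Status2k code and not part of the original advisory). It assumes the file name and template name can be influenced by the request; the helper names, the extension allowlist and the demo directory are hypothetical.

```php
<?php
// Added example: confine a template write to one existing file in one directory.
// resolveTemplateFile() and writeTemplate() are hypothetical helpers, not Status2k code.

function resolveTemplateFile(string $root, string $template, string $filename): string
{
    // Both values must be single path components made of safe characters.
    if (!preg_match('/^[A-Za-z0-9_-]+$/', $template)) {
        throw new InvalidArgumentException('invalid template name');
    }
    // Extension allowlist is an assumption; it must never include executable types.
    if (!preg_match('/^[A-Za-z0-9_-]+\.(html|tpl|css)$/', $filename)) {
        throw new InvalidArgumentException('invalid file name');
    }

    // realpath() resolves symlinks and ".." and returns false for missing files,
    // so only files that already exist can be edited.
    $base = realpath($root . DIRECTORY_SEPARATOR . $template);
    $path = realpath($root . DIRECTORY_SEPARATOR . $template . DIRECTORY_SEPARATOR . $filename);
    if ($base === false || $path === false) {
        throw new RuntimeException('template file does not exist');
    }
    // The resolved file must sit directly inside the resolved template directory.
    if (dirname($path) !== $base) {
        throw new RuntimeException('path escapes template directory');
    }
    return $path;
}

function writeTemplate(string $root, string $template, string $filename, string $content): int
{
    $path = resolveTemplateFile($root, $template, $filename);
    $written = file_put_contents($path, $content, LOCK_EX);
    if ($written === false) {
        throw new RuntimeException('write failed');
    }
    return $written;
}

// Constructed demo in a temporary directory.
$root = sys_get_temp_dir() . '/tpl_demo_' . bin2hex(random_bytes(4));
mkdir($root . '/default', 0700, true);
touch($root . '/default/header.html');
echo writeTemplate($root, 'default', 'header.html', '<h1>ok</h1>'), " bytes written\n";
foreach (['../../index.php', 'shell.php', 'header.html/../../x.html'] as $bad) {
    try { writeTemplate($root, 'default', $bad, 'x'); }
    catch (Exception $e) { echo "rejected $bad: ", $e->getMessage(), "\n"; }
}
```

This confines where the write lands; it does not vet the content being written, so access to the editor itself still has to be restricted.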


 6. Design flaw: by default, Status2k does not remove the install
 directory (/install/). This may lead to an attacker resetting the
 admin credentials and thus logging in and causing further damage
 through the RCE vectors listed above.

Use CVE-2014-5093.


 7. Information leak: it is not shown by default on the index.php
 of Status2k above version 2; however,

    // PHPINFO ========== //
    // ================== //
    $action = $_GET["action"];
    if ($action == "phpinfo") {
        phpinfo();
        die();
    }

 allows anyone to view the server's phpinfo page
 (localhost/status/index.php?action=phpinfo).

Use CVE-2014-5094.

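Recommendation:
--------------------------------------------------------------------------------
Vendor patch:
 
Status2k
 --------
 The vendor has not yet released a patch or upgrade. Users of this software are advised to watch the vendor's home page for the latest version: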
 
