// In our example we're opening $filename in append mode.
// The file pointer is at the bottom of the file hence
// that's where $somecontent will go when we fwrite() it.
if (!$handle = fopen("../../templates/".$config['templaten']."/".$filename, 'w')) {
echo "Cannot open file (../../templates/".$config['templaten']."/".$filename.")";
exit;
}
// Write $somecontent to our opened file.
if (fwrite($handle, $value) === FALSE) {
echo "Cannot write to file (../../templates/".$config['templaten']."/".$filename.")";
exit;
} else {
echo "Success, $filename updated!";
}

Once again, a complete lack of sanitization.
Use CVE-2014-5092.
6. Design flaw: by default Status2k does not remove the install
directory (/install/); this may lead to an attacker resetting the
admin credentials and thus logging in and causing further damage
through the RCE vectors listed above.
Use CVE-2014-5093.
7. Information leak: it is not shown by default on the index.php
of Status2k above version 2, however

// PHPINFO ==========
// ==================
$action = $_GET["action"];
if ($action == "phpinfo") {
    phpinfo();
    die();
}

allows anyone to view the server's phpinfo page
(localhost/status/index.php?action=phpinfo).
Use CVE-2014-5094.
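A hardened form of the template write shown above (CVE-2014-5092), as an added example that is not Status2k code and not a vendor fix. It assumes the theme name and $filename come from the request, that template files sit directly in the theme directory, and that only .html, .tpl and .css are legitimate extensions; resolveTemplatePath() and saveTemplate() are hypothetical names.

```php
<?php
// Added example, not Status2k code. Function names, the flat directory layout
// and the extension allow-list are assumptions made for illustration.

function resolveTemplatePath(string $templateRoot, string $theme, string $filename): string
{
    // Conservative names only: no slashes, no "..", no leading dot, no NUL.
    $name = '/\A[A-Za-z0-9_-]+(\.[A-Za-z0-9_-]+)*\z/';
    if (!preg_match($name, $theme) || !preg_match($name, $filename)) {
        throw new InvalidArgumentException('Illegal theme or file name');
    }
    // Extension allow-list (assumed); notably excludes .php.
    $ext = strtolower(pathinfo($filename, PATHINFO_EXTENSION));
    if (!in_array($ext, ['html', 'tpl', 'css'], true)) {
        throw new InvalidArgumentException('Extension not allowed');
    }
    // realpath() resolves symlinks; the theme directory must stay under the root.
    $root = realpath($templateRoot);
    $dir  = realpath($templateRoot . DIRECTORY_SEPARATOR . $theme);
    if ($root === false || $dir === false
        || strncmp($dir, $root . DIRECTORY_SEPARATOR, strlen($root) + 1) !== 0) {
        throw new RuntimeException('Theme directory is outside the template root');
    }
    $path = $dir . DIRECTORY_SEPARATOR . $filename;
    // Only overwrite existing regular files; never create new ones or follow links.
    if (is_link($path) || !is_file($path)) {
        throw new RuntimeException('Not an existing template file');
    }
    return $path;
}

function saveTemplate(string $templateRoot, string $theme, string $filename, string $content): void
{
    $path = resolveTemplatePath($templateRoot, $theme, $filename);
    if (file_put_contents($path, $content, LOCK_EX) === false) {
        throw new RuntimeException('Cannot write template file');
    }
}

// Constructed demo: a traversal-style name is rejected before any file is touched.
try {
    saveTemplate(sys_get_temp_dir(), 'default', '../index.php', 'x');
} catch (InvalidArgumentException $e) {
    echo 'rejected: ', $e->getMessage(), PHP_EOL;
}
```

The error messages deliberately omit the resolved path, unlike the original echo statements, so a failed write does not disclose the server's directory layout.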
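Recommendation:
--------------------------------------------------------------------------------
Vendor patch:
Status2k
--------
The vendor has not yet provided a patch or upgrade. Users of this software are advised to watch the vendor's home page for the latest version: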