SecurityFocus is a vendor-neutral site that provides objective, timely and comprehensive security information on both closed and open source software. Today’s vulnerability report (delivered via email as BugTraq) covered two popular open source solutions used by web designers and developers – Formmail.php and PHP-Nuke.
5. Joe Lumbroso Jack’s Formmail.php Unauthorized Remote File Up…
BugTraq ID: 9591
Remote: Yes
Date Published: Feb 06 2004
Relevant URL: http://www.securityfocus.com/bid/9591
Summary: Jack’s Formmail.php is a web based form to e-mail gateway. The application is written in PHP, however, a Perl version is available as well.
A vulnerability has been reported to exist in the software that may allow a remote attacker to gain unauthorized access to a vulnerable server and upload arbitrary files.
It has been reported that the software verifies the origin of a request via HTTP referer. Due to improper validation performed in the ‘check_referer()’ function, an attacker can bypass the checks by supplying an empty value for HTTP referer. This issue may then allow an attacker to upload a file via the ‘css’ variable of ‘file.php’ script.
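The fail-open pattern described above, next to a check that fails closed and a session-bound token, as an added example that is not Formmail.php's own code. The function names, the allow-listed host and the sample requests are assumptions constructed for illustration.

```php
<?php
// Added illustration; NOT Formmail.php's code. Function names and the
// allow-list are hypothetical.

const ALLOWED_HOSTS = ['www.example.com'];   // constructed sample value

// Flawed pattern: the host comparison only runs when a Referer is present,
// so a request with an empty or missing header is accepted (fails open).
function referer_check_fail_open(?string $referer): bool
{
    if ($referer === null || $referer === '') {
        return true;                          // the defect
    }
    $host = parse_url($referer, PHP_URL_HOST);
    return is_string($host) && in_array(strtolower($host), ALLOWED_HOSTS, true);
}

// Fail closed: a missing, empty or unparsable Referer is rejected.
function referer_check_fail_closed(?string $referer): bool
{
    if ($referer === null || $referer === '') {
        return false;
    }
    $host = parse_url($referer, PHP_URL_HOST);
    return is_string($host) && in_array(strtolower($host), ALLOWED_HOSTS, true);
}

// Referer is client-controlled, so a state-changing action such as a file
// write should also require a secret bound to the server-side session.
function issue_token(array &$session): string
{
    return $session['form_token'] = bin2hex(random_bytes(32));
}

function token_is_valid(array $session, ?string $submitted): bool
{
    return isset($session['form_token']) && is_string($submitted)
        && hash_equals($session['form_token'], $submitted);
}

// Constructed requests: [Referer header, submitted token]
$session = [];
$token   = issue_token($session);
foreach ([['', null], ['http://www.example.com/form.html', $token]] as [$ref, $tok]) {
    printf("referer=%-36s open=%s closed=%s token=%s\n", var_export($ref, true),
        var_export(referer_check_fail_open($ref), true),
        var_export(referer_check_fail_closed($ref), true),
        var_export(token_is_valid($session, $tok), true));
}
```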
Successful exploitation of this issue may allow an attacker to save malicious files to the system or potentially overwrite sensitive files.
Although unconfirmed, Formmail.php versions 5.0 and prior may be affected by this issue.
14. PHP-Nuke ‘News’ Module Cross-Site Scripting Vulnerability
BugTraq ID: 9605
Remote: Yes
Date Published: Feb 09 2004
Relevant URL: http://www.securityfocus.com/bid/9605
Summary: PHP-Nuke is a freeware content management system. Implemented in PHP, it is available for a range of systems, including Unix, Linux, and Microsoft Windows.
It has been reported that the PHP-Nuke ‘News’ module is prone to a cross-site scripting vulnerability. The issue arises due to the module failing to properly sanitize user-supplied information. The URI parameter ‘title’ is not properly sanitized of HTML tags. This could allow for execution of hostile HTML and script code in the web client of a user who visits a vulnerable web page. This would occur in the security context of the site hosting the software.
Exploitation could allow for theft of cookie-based authentication credentials. Other attacks are also possible.
It has been reported that this issue affects versions 6.x – 7.x of the software; however, earlier versions may also be vulnerable.
21. PHP-Nuke ‘Reviews’ Module Cross-Site Scripting Vulnerability
BugTraq ID: 9613
Remote: Yes
Date Published: Feb 09 2004
Relevant URL: http://www.securityfocus.com/bid/9613
Summary: PHP-Nuke is a freeware content management system. Implemented in PHP, it is available for a range of systems, including Unix, Linux, and Microsoft Windows.
It has been reported that the PHP-Nuke ‘Reviews’ module is prone to a cross-site scripting vulnerability. The issue arises due to the module failing to properly sanitize user-supplied information. The URI parameter ‘title’ is not properly sanitized of HTML tags. This could allow for execution of hostile HTML and script code in the web client of a user who visits a vulnerable web page. This would occur in the security context of the site hosting the software.
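The ‘title’ handling described for the ‘News’ and ‘Reviews’ modules comes down to output encoding. The added example below (not PHP-Nuke code; function names and the sample title are constructed) contrasts tag stripping with context-appropriate encoding and marks the session cookie HttpOnly to limit the cookie-theft impact.

```php
<?php
// Added illustration; not PHP-Nuke code. Function names are hypothetical.

// Defence in depth for the cookie-theft impact: keep the session cookie out
// of reach of page scripts. Must run before any output is sent.
session_set_cookie_params(['httponly' => true, 'secure' => true, 'samesite' => 'Lax']);

// Tag stripping alone: removes <...> sequences but leaves quotes and '&'
// untouched, so the value is still unsafe inside an HTML attribute.
function title_strip_tags_only(string $title): string
{
    return strip_tags($title);
}

// Output encoding suitable for HTML body and quoted-attribute contexts.
function title_encoded(string $title): string
{
    return htmlspecialchars($title, ENT_QUOTES | ENT_SUBSTITUTE, 'UTF-8');
}

// Places the already-processed title in both an element body and an attribute.
function render(string $processedTitle): string
{
    return '<h2>' . $processedTitle . '</h2>'
         . '<input type="hidden" name="title" value="' . $processedTitle . '">';
}

// Constructed sample: harmless markup plus double quotes and an ampersand.
$title = 'Release notes <b>"final"</b> & more';

// First line: the surviving double quote closes the value attribute early.
echo render(title_strip_tags_only($title)), "\n";

// Second line: markup, quotes and '&' are emitted as entities and stay data.
echo render(title_encoded($title)), "\n";
```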
Exploitation could allow for theft of cookie-based authentication credentials. Other attacks are also possible.
It has been reported that this issue affects versions 6.x – 7.x of the software; however, earlier versions may also be vulnerable.
23. PHP-Nuke Public Message SQL Injection Vulnerability
BugTraq ID: 9615
Remote: Yes
Date Published: Feb 09 2004
Relevant URL: http://www.securityfocus.com/bid/9615
Summary: PHP-Nuke is a freeware content management system. Implemented in PHP, it is available for a range of systems, including Unix, Linux, and Microsoft Windows.
It has been reported that the ‘public message’ feature of PHP-Nuke is prone to an SQL injection vulnerability. The issue is due to a failure to properly sanitize the ‘$p_msg’ parameter in the ‘public_message()’ function of the ‘/mainfile.php’ script.
As PHP-Nuke forces all variables to be global within the context of the application, the ‘$p_msg’ parameter may be specified in either POST, GET or COOKIE data. Within the ‘public_message()’ function, the ‘$p_msg’ parameter is decoded into the ‘$c_mid’ parameter, which is directly used in the generation of the SQL query. An attacker could use an SQL Union command passed via the ‘$p_msg’ parameter to mine data from the database.
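A hardened form of the decode-then-query flow described above, as an added example that is not PHP-Nuke code. The table, column and function names are hypothetical, base64 is an assumed encoding for the decode step, and the database and inputs are constructed; it needs the pdo_sqlite extension.

```php
<?php
// Added illustration; not PHP-Nuke code. Table, column and function names are
// hypothetical, and base64 is an assumed encoding for the decode step.

// Read the value from one named source instead of a global that GET, POST or
// COOKIE can all populate, then accept it only if it decodes to digits.
function message_id_from_cookie(array $cookie): ?int
{
    $raw = $cookie['p_msg'] ?? null;
    if (!is_string($raw)) {
        return null;
    }
    $decoded = base64_decode($raw, true);            // strict: false on bad input
    if ($decoded === false || !ctype_digit($decoded) || strlen($decoded) > 9) {
        return null;
    }
    return (int) $decoded;
}

// The id travels as a bound parameter, never as part of the SQL text.
function fetch_public_message(PDO $db, int $mid): ?string
{
    $stmt = $db->prepare('SELECT content FROM public_messages WHERE mid = :mid');
    $stmt->bindValue(':mid', $mid, PDO::PARAM_INT);
    $stmt->execute();
    $row = $stmt->fetchColumn();
    return $row === false ? null : (string) $row;
}

// Constructed in-memory database and inputs.
$db = new PDO('sqlite::memory:');
$db->setAttribute(PDO::ATTR_ERRMODE, PDO::ERRMODE_EXCEPTION);
$db->exec('CREATE TABLE public_messages (mid INTEGER PRIMARY KEY, content TEXT)');
$db->exec("INSERT INTO public_messages VALUES (7, 'Maintenance at 22:00')");

$samples = [
    'numeric id'  => base64_encode('7'),
    'non-numeric' => base64_encode('7 plus trailing SQL text'),
    'not base64'  => '%%%',
];
foreach ($samples as $label => $value) {
    $mid = message_id_from_cookie(['p_msg' => $value]);
    $out = $mid === null ? 'rejected' : (fetch_public_message($db, $mid) ?? 'no such message');
    echo str_pad($label, 12), ' => ', $out, "\n";
}
```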
As a result of this issue an attacker could modify the logic and structure of database queries. Other attacks may also be possible, such as gaining access to sensitive information.
It has been reported that this issue affects versions 6.x – 7.x of the software; however, earlier versions may also be vulnerable.
Translated from: https://www.sitepoint.com/formmailphp-and-php-nuke-vulnerabilities-reported/