glFusion 'private/system/lib-session.php' SQL Injection Vulnerability

Vulnerability ID: 1183108
Vulnerability type: SQL injection
Published: 2009-04-09
Updated: 2009-04-09
CVE ID: CVE-2009-1282
CNNVD-ID: CNNVD-200904-213
Affected platform: N/A
CVSS score: 7.5
|Vulnerability source
http://www.cnnvd.org.cn/web/xxk/ldxqById.tag?CNNVD=CNNVD-200904-213
|Vulnerability details
glFusion is an open-source content management system. The private/system/lib-session.php module of glFusion does not properly filter the user-supplied glf_session cookie parameter, so a remote attacker can carry out SQL injection attacks by submitting malicious requests to the server. The following is the vulnerable code at lines 97-117 of /private/system/lib-session.php:

    ...
    if (isset($_COOKIE[$_CONF['cookie_session']])) {
        $sessid = COM_applyFilter($_COOKIE[$_CONF['cookie_session']]);
        if ($_SESS_VERBOSE) {
            COM_errorLog("got $sessid as the session id from lib-sessions.php", 1);
        }
        $userid = SESS_getUserIdFromSession($sessid, $_CONF['session_cookie_timeout'], $_SERVER['REMOTE_ADDR'], $_CONF['cookie_ip']);
        if ($_SESS_VERBOSE) {
            COM_errorLog("Got $userid as User ID from the session ID", 1);
        }
        if ($userid < 1) {
            // Check user status
            $status = SEC_checkUserStatus($userid);
            if (($status == USER_ACCOUNT_ACTIVE) || ($status == USER_ACCOUNT_AWAITING_ACTIVATION)) {
                $user_logged_in = 1;
                SESS_updateSessionTime($sessid, $_CONF['cookie_ip']);

In the SESS_updateSessionTime() function at lines 418-436:

    ...
    function SESS_updateSessionTime($sessid, $md5_based=0)
    {
        global $_TABLES;
        $newtime = (string) time();
        if ($md5_based == 1) {
            $sql = "UPDATE {$_TABLES['sessions']} SET start_time=$newtime WHERE (md5_sess_i
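
One way to close this class of bug, shown as an added example that is not glFusion's code or its actual fix: validate the cookie as a decimal id, then bind it as a query parameter instead of interpolating it into the UPDATE string. The `sessions` schema, the function names and the sample cookie values are constructed for illustration, and the numeric session-id format is an assumption.

```php
<?php
// Added example, not glFusion code. Table, column and function names are hypothetical.
declare(strict_types=1);

/** Accept only a plain decimal session id; anything else is treated as "no session". */
function parseSessionId(?string $cookie): ?int
{
    // /D stops "$" from matching before a trailing newline.
    if ($cookie === null || !preg_match('/^[1-9][0-9]{0,17}$/D', $cookie)) {
        return null;
    }
    return (int) $cookie;
}

/** Refresh start_time for one session; returns the number of rows changed. */
function updateSessionTime(PDO $db, int $sessId, int $now): int
{
    // The id travels as a bound parameter and is never part of the SQL text.
    $stmt = $db->prepare('UPDATE sessions SET start_time = :t WHERE sess_id = :id');
    $stmt->bindValue(':t', $now, PDO::PARAM_INT);
    $stmt->bindValue(':id', $sessId, PDO::PARAM_INT);
    $stmt->execute();
    return $stmt->rowCount();
}

// Constructed in-memory data so the example runs offline (needs pdo_sqlite).
$db = new PDO('sqlite::memory:');
$db->setAttribute(PDO::ATTR_ERRMODE, PDO::ERRMODE_EXCEPTION);
$db->exec('CREATE TABLE sessions (sess_id INTEGER PRIMARY KEY, uid INTEGER, start_time INTEGER)');
$db->exec('INSERT INTO sessions VALUES (1001, 2, 100), (1002, 3, 100)');

// Constructed cookie values: one well-formed, two malformed.
foreach (['1001', '1001 OR 1=1', "1001' --"] as $cookie) {
    $id = parseSessionId($cookie);
    if ($id === null) {
        printf("%-14s rejected before reaching SQL\n", $cookie);
        continue;
    }
    printf("%-14s rows updated: %d\n", $cookie, updateSessionTime($db, $id, time()));
}
```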
|References

Source: BID
Name: 34361
Link: http://www.securityfocus.com/bid/34361
Source: www.glfusion.org
Link: http://www.glfusion.org/wiki/doku.php?id=glfusion:whatsnew
Source: XF
Name: glfusion-libsession-sql-injection(49652)
Link: http://xforce.iss.net/xforce/xfdb/49652
Source: MILW0RM
Name: 8347
Link: http://www.milw0rm.com/exploits/8347
Source: SECUNIA
Name: 34575
Link: http://secunia.com/advisories/34575
Source: MISC
Link: http://retrogod.altervista.org/9sg_glfuso_sql_cookies.html
Source: OSVDB
Name: 53286
Link: http://osvdb.org/53286
Source: BUGTRAQ
Name: 20090403 glFusion <= 1.1.2 COM_applyFilter()/cookies remote blind sql
Link: http://marc.info/?l=bugtraq&m=123877379105028&w=2