phpFaber TopSites 'index.php' Multiple SQL Injection Vulnerabilities

Vulnerability ID 1194037 Vulnerability type SQL injection
Published 2006-07-24 Updated 2006-08-07
CVE number CVE-2006-3770 CNNVD-ID CNNVD-200607-382
Vulnerability platform N/A CVSS score 7.5
|Vulnerability source
https://cxsecurity.com/issue/WLB-2006070103
http://www.cnnvd.org.cn/web/xxk/ldxqById.tag?CNNVD=CNNVD-200607-382
|Vulnerability details
index.php in phpFaber TopSites 2.0.9 and earlier contains multiple SQL injection vulnerabilities; a remote attacker can execute arbitrary SQL commands via the (1) i_cat or (2) method parameter.
|Vulnerability EXP
[MajorSecurity #21] phpFaber TopSites <=2.0.9 - SQL Injection Vulnerability

-----------------------------------------------------------------

Software: phpFaber TopSites

Version: <=2.0.9

Type: SQL Injection Vulnerability

Made public: July, 19th 2006

Vendor: phpFaber, LLC

Page: http://www.phpfaber.com/

Credits:

----------------------------------------------

Discovered by: David "Aesthetico" Vieira-Kurz

http://www.majorsecurity.de

Original Advisory:

----------------------------------------------

http://www.majorsecurity.de/advisory/major_rls21.txt

Affected Products:

----------------------------------------------

phpFaber TopSites 2.0.9 and prior

Description:

----------------------------------------------

phpFaber TopSites is a feature-packed, reliable and secure Top List for webmasters who want to increase traffic to their websites.

It is fully customizable and doesn't require any programming skills! You can create your forms just in 3 clicks!

Vulnerability:

----------------------------------------------

Input passed directly to the "i_cat" and "method" parameters in "index.php" is not properly sanitised before being used in a SQL query.

This can be exploited to manipulate SQL queries by injecting arbitrary SQL code.

Solution:

----------------------------------------------

Edit the source code to ensure that input is properly sanitised.
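The advisory describes the defect (request parameters concatenated into SQL text) and the fix (sanitise input) only in one sentence each. The following is an added example, not phpFaber TopSites code: a hypothetical index.php handler that reads the two parameters named above, i_cat and method, first in the vulnerable concatenation pattern and then in a hardened form. The table and column names (sites, cat_id, hits, added, name) and the helper names are assumptions for illustration; the database backend is an in-memory SQLite instance with constructed rows so the block runs offline.

```php
<?php
// Added example, not the project's code. Schema and function names are assumed.

// VULNERABLE PATTERN (the class of defect the advisory describes): request values
// are spliced straight into the SQL string, so a crafted value can change the
// structure of the query rather than just its operands. Kept here for contrast
// only; the demo below never calls it.
function listSitesUnsafe(PDO $db, array $get): array
{
    $cat    = $get['i_cat']  ?? '';
    $method = $get['method'] ?? 'hits';
    $sql = "SELECT id, name, url FROM sites WHERE cat_id = " . $cat
         . " ORDER BY " . $method . " DESC";
    return $db->query($sql)->fetchAll(PDO::FETCH_ASSOC);
}

// HARDENED VERSION: the numeric parameter is validated and bound through a
// prepared statement; the sort key, which cannot be bound as a value, is mapped
// through a whitelist of known column names so only fixed identifiers reach SQL.
function listSitesSafe(PDO $db, array $get): array
{
    $allowedOrder = ['hits' => 'hits', 'added' => 'added', 'name' => 'name'];

    $cat = filter_var($get['i_cat'] ?? null, FILTER_VALIDATE_INT);
    if ($cat === false) {
        // Reject rather than repair: a non-integer category id is never valid input.
        throw new InvalidArgumentException('i_cat must be an integer');
    }

    $method = $get['method'] ?? 'hits';
    // Unknown sort keys fall back to a default instead of being echoed into SQL.
    $orderBy = $allowedOrder[$method] ?? 'hits';

    $stmt = $db->prepare(
        "SELECT id, name, url FROM sites WHERE cat_id = :cat ORDER BY $orderBy DESC"
    );
    $stmt->bindValue(':cat', $cat, PDO::PARAM_INT);
    $stmt->execute();
    return $stmt->fetchAll(PDO::FETCH_ASSOC);
}

// Self-contained demo on an in-memory SQLite database with constructed rows.
$db = new PDO('sqlite::memory:');
$db->setAttribute(PDO::ATTR_ERRMODE, PDO::ERRMODE_EXCEPTION);
$db->exec("CREATE TABLE sites (id INTEGER PRIMARY KEY, name TEXT, url TEXT,
                               cat_id INTEGER, hits INTEGER, added TEXT)");
$db->exec("INSERT INTO sites (name, url, cat_id, hits, added) VALUES
    ('Alpha', 'http://alpha.example', 1, 50, '2006-07-01'),
    ('Beta',  'http://beta.example',  1, 90, '2006-07-02'),
    ('Gamma', 'http://gamma.example', 2, 10, '2006-07-03')");

// Well-formed request: category 1 sorted by hits -> Beta, then Alpha.
print_r(listSitesSafe($db, ['i_cat' => '1', 'method' => 'hits']));

// Unknown sort key is normalised to the default column, not passed through.
print_r(listSitesSafe($db, ['i_cat' => '2', 'method' => 'not_a_column']));

// Non-integer category id is rejected before any SQL is built.
try {
    listSitesSafe($db, ['i_cat' => 'abc', 'method' => 'hits']);
} catch (InvalidArgumentException $e) {
    echo "rejected: ", $e->getMessage(), PHP_EOL;
}
```

The split between the two parameters is the point worth noting for anyone applying the advisory's "sanitise input" advice: a value such as i_cat can be bound as a parameter, but an identifier such as the ORDER BY column cannot, so sanitising it means mapping it through a fixed allow-list rather than escaping it.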
|References

Source: XF
Name: phpfabertopsites-index-sql-injection(27879)
Link: http://xforce.iss.net/xforce/xfdb/27879
Source: BID
Name: 19097
Link: http://www.securityfocus.com/bid/19097
Source: BUGTRAQ
Name: 20060720 [MajorSecurity #21] phpFaber TopSites <=2.0.9 - SQL Injection Vulnerability
Link: http://www.securityfocus.com/archive/1/archive/1/440648/100/0/threaded
Source: OSVDB
Name: 27415
Link: http://www.osvdb.org/27415
Source: MISC
Link: http://www.majorsecurity.de/advisory/major_rls21.txt
Source: VUPEN
Name: ADV-2006-2913
Link: http://www.frsirt.com/english/advisories/2006/2913
Source: SECTRACK
Name: 1016552
Link: http://securitytracker.com/id?1016552
Source: SECUNIA
Name: 21141
Link: http://secunia.com/advisories/21141
Source: SREASON
Name: 1266
Link: http://securityreason.com/securityalert/1266