Vulnerability details
SQL injection vulnerability in the vBulletin admincp/admincalendar.php module
- CNNVD ID: CNNVD-200902-534
- Severity: Medium
- CVE ID: CVE-2008-6256
- Vulnerability type: SQL injection
- Published: 2008-11-17
- Threat type: Remote
- Updated: 2009-02-24
- Vendor: vbulletin
- Source: Janek Vind come2...
Vulnerability summary
vBulletin is an open-source PHP forum application.
The admincp/admincalendar.php file of the vBulletin forum does not properly validate user-submitted parameters:
-------------------[original source code]------------------
if ($_POST['do'] == 'saveholiday')
{
    // clean_array_gpc() with TYPE_ARRAY only guarantees that holidayinfo is an array;
    // it does not validate the type or content of the array's elements
    $vbulletin->input->clean_array_gpc('p', array(
        'holidayid' => TYPE_INT,
        'holidayinfo' => TYPE_ARRAY,
        'month1' => TYPE_INT,
        'day1' => TYPE_INT,
        'month2' => TYPE_INT,
        'day2' => TYPE_INT,
        'period' => TYPE_INT,
        'title' => TYPE_STR,
        'description' => TYPE_STR,
    ));
    ..
    // the unvalidated array elements are concatenated straight into the UPDATE statement
    $db->query_write("
        UPDATE " . TABLE_PREFIX . "holiday
        SET allowsmilies = " . $vbulletin->GPC['holidayinfo']['allowsmilies'] . ",
            recuroption = '" . $vbulletin->GPC['holidayinfo']['recuroption'] . "',
            recurring = " . $vbulletin->GPC['holidayinfo']['recurring'] . "
        WHERE holidayid = " . $vbulletin->GPC['holidayid']
    );
------------------[/original source code]------------------
As can be seen, the clean_array_gpc() call only checks that the array-type variable holidayinfo from $_POST is an array; its elements (allowsmilies, recuroption, recurring) are used in the UPDATE query without any filtering, which allows a remote attacker to perform SQL injection by submitting a malicious request.
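As an added example (not vBulletin's own code), a hardened form of the saveholiday UPDATE shown above: every element of holidayinfo is validated before use and the statement carries user data only as bound parameters. The PDO handle, the save_holiday()/validate_holidayinfo() names and the recuroption format check are assumptions for illustration.

```php
<?php
// Added example, not vBulletin's code: hardened handling of the holidayinfo array.
// TYPE_ARRAY only asserts that holidayinfo is an array; each element still has to
// be validated before it is placed in the UPDATE statement.

function validate_holidayinfo(array $info): array
{
    // allowsmilies and recurring are 0/1 flags stored in integer columns
    foreach (['allowsmilies', 'recurring'] as $flag) {
        if (!isset($info[$flag]) || !is_scalar($info[$flag])
            || !in_array((string)$info[$flag], ['0', '1'], true)) {
            throw new InvalidArgumentException("$flag must be 0 or 1");
        }
    }
    // recuroption is a short text token; the exact format used here is an assumption,
    // the point is a strict allowlist pattern instead of raw interpolation
    if (!isset($info['recuroption']) || !is_string($info['recuroption'])
        || !preg_match('/^\d{1,2}-\d{1,2}$/', $info['recuroption'])) {
        throw new InvalidArgumentException('recuroption has an unexpected format');
    }
    return [
        'allowsmilies' => (int)$info['allowsmilies'],
        'recuroption'  => $info['recuroption'],
        'recurring'    => (int)$info['recurring'],
    ];
}

// Replaces the vulnerable query_write() call with a prepared statement (PDO assumed).
function save_holiday(PDO $db, string $tablePrefix, int $holidayid, array $holidayinfo): int
{
    $clean = validate_holidayinfo($holidayinfo);
    // Only the trusted table prefix is interpolated; all user data travels as parameters.
    $stmt = $db->prepare(
        "UPDATE {$tablePrefix}holiday
            SET allowsmilies = :allowsmilies,
                recuroption  = :recuroption,
                recurring    = :recurring
          WHERE holidayid = :holidayid"
    );
    $stmt->bindValue(':allowsmilies', $clean['allowsmilies'], PDO::PARAM_INT);
    $stmt->bindValue(':recuroption', $clean['recuroption'], PDO::PARAM_STR);
    $stmt->bindValue(':recurring', $clean['recurring'], PDO::PARAM_INT);
    $stmt->bindValue(':holidayid', $holidayid, PDO::PARAM_INT);
    $stmt->execute();
    return $stmt->rowCount();
}

// Usage inside the saveholiday branch (constructed call; $db is an assumed PDO handle):
// save_holiday($db, TABLE_PREFIX, (int)$_POST['holidayid'], (array)$_POST['holidayinfo']);
```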
Vulnerability advisory
The vendor has not yet released a patch or upgrade; users of this software are advised to monitor the vendor's homepage for the latest version:
http://www.vbulletin.com/
References
Source: XF
Name: vbulletin-admincalendar-sql-injection(46683)
Link: http://xforce.iss.net/xforce/xfdb/46683
Source: MISC
Link: http://www.waraxe.us/advisory-68.HTML
Source: BUGTRAQ
Name: 20081117 [waraxe-2008-SA#068] - Sql Injection in vBulletin 3.7.3.pl1
Link: http://www.securityfocus.com/archive/1/archive/1/498369/100/0/threaded
Source: SECUNIA
Name: 32735
Link: http://secunia.com/advisories/32735
Affected entities
- Vbulletin Vbulletin:3.7.3:Pl1
Patch
None yet