来源:自学PHP网 时间:2015-04-17 12:00 作者: 阅读:次
[导读] 标题: Eventy CMS v1.8 Plus - Multiple Web Vulnerablities影响版本:8.3程序介绍:=============Publish Your Events In Online Calendar. Eventy Is Beautiful And Easy To Use Web Base......
|
标题: Eventy CMS v1.8 Plus - Multiple Web Vulnerablities
影响版本:8.3
程序介绍:
=============
Publish Your Events In Online Calendar. Eventy Is Beautiful And Easy To Use Web Based Event Calendar Software
Publish events like parties, courses, meetings, conferences, workshops, and more in easy and user-friendly way.
Eventy Plus adds features like mailing lists, multi-administrator interface, switchable weekly/monthly view,
event categories, and rich text editor. Use Eventy or Eventy Plus for your company website, freelancer`s blog,
club site, online school, or to show your consulting availability. Eventy uses Ajax and runs on web hosts
with PHP and MySQL.
(详情见官方主页: http://calendarscripts.info/event-calendar-software.html )
缺陷摘要:
=========
Eventy CMS v1.8 Plus包含多个缺陷
技术分析:
========
A SQL Injection vulnerability is detected in the Eventy CMS v1.8 Plus ,web based event calendar software.
The vulnerability allows an attacker (remote) or local low privileged user account to execute a SQL commands on the
affected application dbms. The sql injection vulnerability is located in eventy.php file with the bound vulnerable
event_id parameter. Successful exploitation of the vulnerability results in dbms & application compromise.
Exploitation requires no user interaction & without privileged user account.
缺陷文件:
[+] eventy.php
缺陷参数:
[+] event_id
1.2
A persistent input validation vulnerability is detected in the Eventy CMS v1.8 Plus ,web based event calendar software.
The bug allows remote attackers to implement/inject malicious script code on the application side (persistent).
The persistent vulnerabilities is located in the the add Event module bound vulnerable Event Title and Event Location
parameters. Successful exploitation of the vulnerability can lead to session hijacking (manager/admin) or stable (persistent)
context manipulation. Exploitation requires low user inter action & privileged web application user account.
缺陷模块:
[+] Add Event
缺陷参数:
[+] Event Title - Event Location
1.3
A non-persistent cross site scripting vulnerability is detected in the Eventy CMS v1.8 Plus ,web based event calendar software.
The vulnerability allows remote attackers to hijack website customer, moderator or admin sessions with medium or high required
user inter action or local low privileged user account. The vulnerability is located in the eventy.php page the bound vulnerable selyear
and selmonth parameter. Successful exploitation of the vulnerability result in account steal, client site phishing or client-side
content request manipulation.
缺陷文件:
[+] eventy.php
缺陷参数:
[+] selyear - selmonth
测试证明:
=================
1.1
The SQL injection vulnerability can be exploited by remote attackers without privileged application user accounr and without
required user inter action. For demonstration or reproduce ...
PoC:
<html><head><body>
<title>SQL Injection Vulnerability - PoC</title>
<iframe src=http:// www.2cto.com /eventy/eventy.php?selyear=&selmonth=&event_id=-1869+union+select+1,version%28%29,3,4,5,6,7,8,9,10,11,12,13--%20->
</body></head></html>
1.2
The persistent input validation vulnerabilities can be exploited by remote attackers with low or medium required user inter action
& low privileged user account. For demonstration or reproduce ...
Manaually Reproduce ...
The attacker can create a new event with injecting a malicious code i.e.,
>"<iframe src=http://www.vulnerability-lab.com onload=alert("VL")</iframe>, in the field Event Title - Event Location Fields.
When the admin or any other user view the event the code gets executed.
Reference(s):
http://eventy.127.0.0.1:8080/eventy-plus/eve_edit.php?m=November&y=2012&d=20
1.3
PoC:
<html><head><body>
<title>Client side - Cross Site Scripting</title>
<iframe src=http:// www.2cto.com /eventy/eventy.php?selyear=&selmonth=>"<iframe%20src=http://vuln-lab.com%20onload=alert%28%22VL%22%29%3C/iframe%3E>
<iframe src=http://eventy.127.0.0.1:8080/eventy/eventy.php?selyear=>"<iframe%20src=http://vuln-lab.com%20onload=alert%28%22VL%22%29%3C/iframe%3E&selmonth=April>
</body></head></html>
--
VULNERABILITY RESEARCH LABORATORY
LABORATORY RESEARCH TEAM
CONTACT: research@vulnerability-lab.com
|
自学PHP网专注网站建设学习,PHP程序学习,平面设计学习,以及操作系统学习
京ICP备14009008号-1@版权所有www.zixuephp.com
网站声明:本站所有视频,教程都由网友上传,站长收集和分享给大家学习使用,如由牵扯版权问题请联系站长邮箱904561283@qq.com
