Discuz! 7.0: a number of plug-ins have vulnerabilities of varying severity - vulnerability warning - the black bar safety net

ID MYHACK58:62200923458
Type myhack58
Reporter Anonymous
Modified 2009-06-04T00:00:00


Discuz! is the largest domestic forum software; having gone through years of ups and downs, its security can be said to be among the best. But I find that more and more non-official Discuz! plug-ins have security vulnerabilities which, if not promptly repaired, may affect the security of the entire site.

Here I disclose just a few of them, for your reference only. This is not an exploit: I will not say what they can be used for or how to use them. I disclose them only because I want plug-in authors and users to pay attention to plug-in security:

  1. 【DST】Community Auction Center V1.0 GBK for Discuz! 7.0, SQL injection: an auction plug-in by DST; official address: http://www.17dst.com/thread-409-1-1.html

Let's look at the source code:

    // $sql is not initialized
    if($ob=='my'){
        $sql=" and a.uid='$discuz_uid'";
    }
    if($list!=' race'){
        if($list){
            $navigation.=" "$auction_lang[once_goods]";
            // $sql is brought into the query here
            $count=$db->result($db->query("select count(*) from {$tablepre}auctions a where gmode='1' $sql"),0);
            ......
        }

Test:

  2. Auction Center 3.0 [+SD01] -- Qi Rui boutique Discuz 6/7 commercial plug-in, injection: a paid commercial plug-in produced by Qi Rui; DZ official link: http://www.discuz.net/thread-1201439-1-1.html

I searched Baidu for this plug-in and didn't find the source, but just tested it a bit:

  3. [DST] Team Show Flash 1.0 plug-in, SQL injection: a team showcase plug-in by DST; official link: http://www.17dst.com/thread-142-1-1.html

This one has source code; see:

    .....
    // Here: $agid goes into the query unquoted
    $query = $db->query("SELECT * FROM {$tablepre}members WHERE groupid =$agid ");
    if ($db->num_rows($query) > 0) {
        ......
    }

The vulnerability is too obvious to need much comment. I tested it a bit on the official site; 49 fields:

  4. An account issuance system, injection:

  5. Community Tea House for DZ7.0 (with the back chat), XSS: DZ official address: http://www.discuz.net/viewthread.php?tid=1148904&highlight=%B2%E8%B7%BB . I did not download the source for an audit and only tested it lightly; I found that the image address used when sending a picture lacks effective filtering. The test on the demo site is as follows:

  6. Many plug-ins are too careless where they write the cache, which may lead to unexpected problems. With a certain marriage plug-in, for example, administrator privileges may make it easy to get a shell; I won't go into this.

Well, that's all for now. There are a lot of DZ plug-ins and I have no time to take a closer look; I came across these by accident while recently maintaining one of my own forums. I still hope the authors will have a little security awareness~
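
For the two source excerpts above (the DST auction and team show plug-ins), a hardened form of each query, as an added example that is not code from the original post or from the plug-ins. The function names and sample values are hypothetical, and it assumes the uid and groupid columns are integers.

```php
<?php
// Added example (not plug-in code). Function names are hypothetical;
// $tablepre, $discuz_uid, $ob and $agid are the variables shown on the page.

// Auction excerpt: the WHERE fragment is assigned on every path before it
// is used, so the query never depends on a variable that was set elsewhere.
function auction_count_sql($tablepre, $discuz_uid, $ob)
{
    $sql = '';                                    // explicit initialization
    if ($ob === 'my') {
        $sql = ' AND a.uid=' . intval($discuz_uid);   // integer column: cast
    }
    return "SELECT COUNT(*) FROM {$tablepre}auctions a WHERE gmode='1'" . $sql;
}

// Team show excerpt: groupid is compared without quotes, so the value must
// be forced to an integer before it is placed in the statement.
function members_by_group_sql($tablepre, $agid)
{
    $agid = intval($agid);
    if ($agid <= 0) {
        return null;                              // reject: no query is run
    }
    return "SELECT * FROM {$tablepre}members WHERE groupid=" . $agid;
}

// Constructed sample inputs (assumptions): table prefix 'cdb_' and a
// request value that carries non-numeric text after the number.
$tablepre       = 'cdb_';
$untrusted_agid = '7 trailing-text';

// Only the leading integer survives the cast.
echo members_by_group_sql($tablepre, $untrusted_agid), "\n";

// A non-numeric value casts to 0 and is rejected.
var_dump(members_by_group_sql($tablepre, 'not-a-number'));

// The fragment is empty unless the code itself built it.
echo auction_count_sql($tablepre, '42', 'all'), "\n";
echo auction_count_sql($tablepre, '42', 'my'), "\n";
```

Where the database layer offers parameterized queries, those are preferable to casting; the casts shown here fit the string-built queries these excerpts use.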