myhack58 · Anonymous · MYHACK58:62201454938
History: Oct 23, 2014 - 12:00 a.m.

CVE-2009-1151 phpMyAdmin Remote Code Injection && Execution - vulnerability warning - the black bar safety net

2014-10-23 00:00:00
Anonymous
www.myhack58.com

CVSS2: 7.5 High
Access Vector: NETWORK
Access Complexity: LOW
Authentication: NONE
Confidentiality Impact: PARTIAL
Integrity Impact: PARTIAL
Availability Impact: PARTIAL
Vector: AV:N/AC:L/Au:N/C:P/I:P/A:P
EPSS: 0.793 High (Percentile: 98.0%)

Directory

  1. Vulnerability description
  2. Vulnerability trigger conditions
  3. Scope of the vulnerability
  4. Vulnerability code analysis
  5. Defense method
  6. Offensive and defensive thinking

1. Vulnerability description

Insufficient output sanitizing when generating configuration file

phpMyAdmin is a tool written in PHP for managing MySQL over the web.

The phpMyAdmin Setup script is used to generate the configuration. If a remote attacker submits a specially crafted POST request to this script, the generated config.inc.php configuration file may contain arbitrary PHP code. Since the configuration file is saved to the server, an unauthenticated remote attacker can exploit this vulnerability to execute arbitrary PHP code.

Relevant links:

http://www.phpmyadmin.net/home_page/security/PMASA-2009-3.php
http://www.cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2009-1151
http://cwe.mitre.org/data/definitions/661.html
http://sebug.net/vuldb/ssvid-11665
http://www.gnucitizen.org/blog/cve-2009-1151-phpmyadmin-remote-code-execution-proof-of-concept/

2. Vulnerability trigger conditions

To use this vulnerability against a server, several necessary conditions must be met:

  1. The web server must be able to write to disk. Getting a shell through a code vulnerability comes down to having the web container call the operating system's file system API to write a file with specific content into a specified directory on disk. This requires the web container to have write permission on that disk path.
  2. The config directory must already exist. The attack scenario for this vulnerability is code injection that relies on the web container writing (creating) a file on disk, but the OS file-writing API does not automatically create directories. If the config folder does not exist, the vulnerability cannot be used successfully even though it is present.
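A defender-side check for the two conditions above, added here as an example (it is not code from the original article or from phpMyAdmin). It assumes the setup script saves config.inc.php under the config directory of the install root and that the web server account is www-data unless a second argument names another; `pma_setup_exposure` is a hypothetical helper name.

```shell
#!/bin/sh
# Added example (not phpMyAdmin code): audit an install for the two trigger
# conditions above. Assumptions: the setup script saves config.inc.php under
# <root>/config/, and the web server runs as the account given in $2.

# Prints one status word; returns 1 when both conditions are met, else 0.
pma_setup_exposure() {
    root=$1
    webuser=${2:-www-data}   # assumed default account; name or numeric uid
    cfgdir="$root/config"

    # Condition 2: the file API will not create a missing directory,
    # so without config/ the generated file cannot be written.
    if [ ! -d "$cfgdir" ]; then
        echo "no-config-dir"
        return 0
    fi

    # Condition 1: write permission for the web container. Read the mode
    # bits instead of using `test -w`, which is always true for root.
    web_uid=$(id -u "$webuser" 2>/dev/null || echo "$webuser")
    owner_uid=$(ls -ldn "$cfgdir" | awk '{print $3}')
    writable=no
    if [ "$owner_uid" = "$web_uid" ] && [ -n "$(find "$cfgdir" -prune -perm -0200)" ]; then
        writable=yes
    fi
    # Group- or world-writable is counted as writable (conservative).
    if [ -n "$(find "$cfgdir" -prune -perm -0020)" ] || [ -n "$(find "$cfgdir" -prune -perm -0002)" ]; then
        writable=yes
    fi

    if [ "$writable" = no ]; then
        echo "config-dir-not-writable"
        return 0
    fi
    # A config.inc.php already in this directory should be inspected.
    if [ -f "$cfgdir/config.inc.php" ]; then
        echo "writable-with-generated-file"
    else
        echo "writable"
    fi
    return 1
}

# Usage: sh audit.sh /path/to/phpmyadmin [web-user]
if [ $# -gt 0 ]; then
    pma_setup_exposure "$@"
fi
```

A result of `no-config-dir` or `config-dir-not-writable` means at least one of the listed conditions does not hold on that host.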
