Drupal 8 configuration file download vulnerability analysis - Vulnerability Alerts - Heiba Security Net (黑吧安全网)

2016-09-30T00:00:00
ID MYHACK58:62201679773
Type myhack58
Reporter Anonymous (佚名)
Modified 2016-09-30T00:00:00

Description

Author: p0wd3r (Knownsec 404 Security Lab)

Date: 2016-09-22

0x00 vulnerability overview

1. Vulnerability description

Drupal (https://www.drupal.org) is a free, open source content management system. Researchers recently found three security vulnerabilities in its 8.x < 8.1.10 releases. One of them lets an attacker, without any authorization, download the configuration archive config.tar.gz that an administrator previously exported. On September 21 Drupal officially released the security advisory https://www.drupal.org/SA-CORE-2016-004 together with the upgrade.

2. Vulnerability

Unauthenticated download of a configuration archive previously exported by an administrator.

3. Affected versions

8.x < 8.1.10
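The affected range above is the whole check a defender needs, but it is easy to get wrong: as text, '8.1.9' sorts after '8.1.10', so a naive string comparison would report the 8.1.9 tree built below as patched. The following added example (not part of the original article) reads the VERSION constant from core/lib/Drupal.php, compares it numerically against the fixed release stated on this page, and embeds a constructed Drupal.php fragment for a 8.1.9 tree as sample input. The file path and constant name are those of Drupal 8 core; the helper names are this example's own.

```python
import re

# Constructed sample: the head of core/lib/Drupal.php from a Drupal 8.1.9
# tree (the version the Dockerfile on this page builds). Only the VERSION
# constant is relevant; the rest of the real file is omitted.
SAMPLE_DRUPAL_PHP = """<?php

/**
 * Static Service Container wrapper.
 */
class Drupal {

  /**
   * The current system version.
   */
  const VERSION = '8.1.9';
"""

# First fixed release according to SA-CORE-2016-004 (taken from this page).
FIXED_VERSION = "8.1.10"

_VERSION_RE = re.compile(r"const\s+VERSION\s*=\s*'([^']+)'")


def parse_drupal_version(php_source):
    """Return the VERSION string declared in core/lib/Drupal.php, or None."""
    m = _VERSION_RE.search(php_source)
    return m.group(1) if m else None


def version_tuple(version):
    """Turn '8.1.9' into (8, 1, 9) so comparison is numeric, not lexical.

    Plain string comparison is the classic mistake here: '8.1.9' > '8.1.10'
    as text, although 8.1.9 is the older release. A pre-release suffix such
    as '8.2.0-rc1' is ignored by cutting at the first '-'.
    """
    core = version.split("-", 1)[0]
    return tuple(int(part) for part in core.split("."))


def is_affected(version, fixed=FIXED_VERSION):
    """True for any 8.x release older than the fixed version."""
    v = version_tuple(version)
    return v[0] == 8 and v < version_tuple(fixed)


def check_tree(php_source):
    """Classify a Drupal core tree from the contents of its Drupal.php."""
    version = parse_drupal_version(php_source)
    if version is None:
        # Not a Drupal 8 core file (or the constant moved): report unknown
        # rather than silently treating the site as patched.
        return {"version": None, "affected": None}
    return {"version": version, "affected": is_affected(version)}


if __name__ == "__main__":
    # On a real host: check_tree(open("/var/www/html/core/lib/Drupal.php").read())
    print(check_tree(SAMPLE_DRUPAL_PHP))
```

Run against a live install by reading /var/www/html/core/lib/Drupal.php (the WORKDIR the Dockerfile below uses); an "affected": None result means the version could not be determined and should be treated as a finding, not a pass.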

0x01 vulnerability reproduction

1. Environment setup

The Dockerfile, taken from Docker Hub:


# from https://www.drupal.org/requirements/php#drupalversions
FROM php:7.0-apache

RUN a2enmod rewrite

# install the PHP extensions we need
RUN apt-get update && apt-get install -y libpng12-dev libjpeg-dev libpq-dev \
    && rm -rf /var/lib/apt/lists/* \
    && docker-php-ext-configure gd --with-png-dir=/usr --with-jpeg-dir=/usr \
    && docker-php-ext-install gd mbstring opcache pdo pdo_mysql pdo_pgsql zip

# set the recommended PHP.ini settings
# see https://secure.php.net/manual/en/opcache.installation.php
RUN { \
        echo 'opcache.memory_consumption=128'; \
        echo 'opcache.interned_strings_buffer=8'; \
        echo 'opcache.max_accelerated_files=4000'; \
        echo 'opcache.revalidate_freq=60'; \
        echo 'opcache.fast_shutdown=1'; \
        echo 'opcache.enable_cli=1'; \
    } > /usr/local/etc/php/conf.d/opcache-recommended.ini

WORKDIR /var/www/html

# https://www.drupal.org/node/3060/release
ENV DRUPAL_VERSION 8.1.9
ENV DRUPAL_MD5 4de7c001ecbd5c27e5837c97e40facc2

RUN curl -fSL "https://ftp.drupal.org/files/projects/drupal-${DRUPAL_VERSION}.tar.gz" -o drupal.tar.gz \
    && echo "${DRUPAL_MD5} *drupal.tar.gz" | md5sum -c - \
    && tar -xz --strip-components=1 -f drupal.tar.gz \
    && rm drupal.tar.gz \
    && chown -R www-data:www-data sites modules themes
