phpBB 2.0.12 full path disclosure vulnerability
[ 2007-03-25 02:41:05 | author: sun ]
phpBB is a powerful, upgradeable open-source bulletin board system. Both the latest version and earlier versions are affected by a path disclosure problem.
Test method:
<forum path>/viewtopic.php?p=6&highlight=\[xiaohua]
The following text will appear:
Warning: Compilation failed: missing terminating ] for
character class at offset 20 in /home/nst/forum/viewtopic.php(1110) :
regexp code on line 1
Problem code:
-----[ Start Vuln Code ] ------------------------------------
1106: if ($highlight_match)
1107: {
1108:     // This was shamelessly 'borrowed' from volker at multiartstudio dot de
1109:     // via php.net's annotated manual
1110:     $message = str_replace('\"', '"', substr(preg_replace('#(\>(((?>([^><]+|(?R)))*)\<))#se', "preg_replace('#\b(" . $highlight_match . ")\b#i', '<span style=\"color:#" . $theme['fontcolor3'] . "\"><b>\\\\1</b></span>', '\\0')", '>' . $message . '<'), 1, -1));
1111: }
Fix:
magic_quotes_gpc = On
magic_quotes_sybase = Off
Set both of these together in php.ini.
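The defect on line 1110 is that $highlight_match reaches preg_replace() as part of the pattern without any escaping, so regex metacharacters in the highlight parameter can break compilation, and with display_errors=On the resulting PHP warning carries the script's absolute path. The following PHP is an added example, not phpBB's own code; the function names highlight_unsafe and highlight_safe and the sample message are constructed for illustration. It shows the unescaped pattern beside a hardened form that uses preg_quote(), and turns off display_errors so that no PHP warning can print the server path to a visitor. That last setting is the durable fix: magic_quotes_gpc was removed in PHP 5.4, so it cannot be relied on in current versions.

```php
<?php
// Added example, not phpBB's own code. Function names are hypothetical.
// It isolates the defect in viewtopic.php line 1110: the user-supplied
// highlight term is concatenated into a PCRE pattern without escaping.

// Vulnerable form: the term becomes part of the pattern verbatim.
// A term with an unbalanced '[' (for example "[xiaohua") fails to compile;
// preg_replace() emits a warning and returns null.
function highlight_unsafe(string $message, string $term, string $color): ?string
{
    $pattern = '#\b(' . $term . ')\b#i';
    return preg_replace($pattern, '<span style="color:#' . $color . '"><b>$1</b></span>', $message);
}

// Hardened form: preg_quote() escapes every metacharacter (including the
// '#' delimiter), so the pattern always compiles and the term is matched
// literally. A null result from preg_replace() is treated as "no highlighting".
function highlight_safe(string $message, string $term, string $color): string
{
    $term = trim($term);
    if ($term === '') {
        return $message;
    }
    $pattern = '#\b(' . preg_quote($term, '#') . ')\b#i';
    $result = preg_replace($pattern, '<span style="color:#' . $color . '"><b>$1</b></span>', $message);
    return $result ?? $message;
}

// Defence in depth for any remaining warning: never render PHP errors to the
// browser in production; log them instead. Equivalent php.ini settings:
// display_errors = Off, log_errors = On.
ini_set('display_errors', '0');
ini_set('log_errors', '1');

// Constructed sample input modelled on the advisory's test string.
$message = 'xiaohua told a joke about [brackets]';

// An ordinary term is highlighted.
echo highlight_safe($message, 'xiaohua', 'FF0000'), "\n";

// A term full of metacharacters is matched literally: it does not occur in
// the message, so the message comes back unchanged and no warning is raised.
echo highlight_safe($message, '\[xiaohua]', 'FF0000'), "\n";
```

Run it with the PHP CLI (php example.php). The first call wraps "xiaohua" in the span; the second returns the message untouched. Passing the same metacharacter-laden term to highlight_unsafe() is what produces the compile warning the advisory shows, which is why preg_quote() on the term and display_errors=Off together close the disclosure regardless of the magic_quotes settings.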