Noguska Nola Remote File Inclusion Vulnerability

Vulnerability details

Vulnerability summary

The file management module in NOLA 1.1.1 and 1.1.2 does not restrict the types of files that can be uploaded, which allows remote attackers to upload and then execute arbitrary PHP files with extensions such as .php4. Despite the title of this entry, the flaw is therefore an unrestricted file upload leading to code execution rather than a file inclusion in the strict sense.

Vulnerability advisory

Reportedly, exploitation of this type of vulnerability is not possible unless both 'allow_url_fopen' and 'register_globals' are enabled in the local site PHP configuration.
It is good practice to disable any unneeded options.
The following patch was produced by Ryan Fox to work around this vulnerability by defining disallowed file extensions. It was generated as 'diff -r nola nola.orig', with the patched tree as the first argument, so the '<' lines are the additions; apply it in reverse ('patch -R') or regenerate it with the original tree first:
diff -r nola/docmgmtadd.php nola.orig/docmgmtadd.php
120,130d119
< $nondisallowedfile=1;
< foreach($disallowedfileext as $this) {
< if ($substr_count($file_name, $this)) {
< $nondisallowedfile=0;
< break;
< };
< };
<
< // illegal file type!
< if ($nondisallowedfile != 1) die(texterror(‘This file type is not supported.’));
<
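Review bot: `$substr_count($file_name, $this)` calls a function through the variable `$substr_count`, which nothing in this hunk defines, so the check fails at runtime instead of rejecting the file; it should read `substr_count($file_name, $this)`. The loop also uses `$this` as its iteration variable, which shadows the object context and is a fatal error on PHP 7.1 and later; use a plain name such as `$ext`. Beyond the typo, a substring match is the wrong shape for an extension check: it is case-sensitive, so `backdoor.PHP` passes, while a harmless `report.php.txt` is rejected. Compare the lowercased final extension against an allowlist instead.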
diff -r nola/includes/defines.php nola.orig/includes/defines.php
301,303d300
< //disallowed file extentions
< $disallowedfileext=array(‘.php’,’.phps’,’.php3′);
<
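Review bot: The blacklist is fragile. With the substring test the callers use, `.php4` and `.php5` happen to be caught because they contain `.php`, but `.phtml` is not, upper-case names are not, and any extension the web server later maps to PHP will be missed. Prefer an allowlist of the extensions these modules actually need (images, PDF, plain documents) and keep it next to this definition; also fix the comment typo `extentions`.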
diff -r nola/invitemadd1.php nola.orig/invitemadd1.php
21,31d20
< $nondisallowedfile=1;
< foreach($disallowedfileext as $this) {
< if ($substr_count($graphic_name, $this)) {
< $nondisallowedfile=0;
< break;
< };
< };
<
< // illegal file type!
< if ($nondisallowedfile != 1) die(texterror(‘This file type is not supported.’));
<
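Review bot: This is a verbatim copy of the block in docmgmtadd.php (and it is repeated again below for `$catalogsheet_name`), with the same `$substr_count` variable-function call and `$this` loop variable. Move the check into one function in includes/defines.php beside `$disallowedfileext`, for example `function file_ext_allowed($name)`, and call it from each upload handler so that a single fix covers every copy.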
45,55d33
< $nondisallowedfile=1;
< foreach($disallowedfileext as $this) {
< if ($substr_count($catalogsheet_name, $this)) {
< $nondisallowedfile=0;
< break;
< };
< };
<
< // illegal file type!
< if ($nondisallowedfile != 1) die(texterror(‘This file type is not supported.’));
<
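Review bot: The `};` after the `foreach` and `if` blocks leave an empty statement after each closing brace; drop the semicolons. Since this handler validates two names, `$graphic_name` above and `$catalogsheet_name` here, check both before doing any work on either and reject once, rather than repeating the loop and the `die()` twice.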
diff -r nola/invitemupd.php nola.orig/invitemupd.php
27,37d26
< $nondisallowedfile=1;
< foreach($disallowedfileext as $this) {
< if ($substr_count($graphic_name, $this)) {
< $nondisallowedfile=0;
< break;
< };
< };
<
< // illegal file type!
< if ($nondisallowedfile != 1) die(texterror(‘This file type is not supported.’));
<
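Review bot: `die(texterror(...))` ends the request without recording anything. A rejected attempt to upload a `.php` file is exactly the event an administrator wants to see, so log the submitted name and the remote address before aborting.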
51,61d39
< $nondisallowedfile=1;
< foreach($disallowedfileext as $this) {
< if ($substr_count($catalogsheet_name, $this)) {
< $nondisallowedfile=0;
< break;
< };
< };
<
< // illegal file type!
< if ($nondisallowedfile != 1) die(texterror(‘This file type is not supported.’));
<
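Review bot: Every copy of this check looks only at the client-supplied name; nothing here constrains where the file is written or whether that directory is served with PHP enabled. As defence in depth, store uploads under a server-generated name outside the web root, or in a directory with script execution disabled, so that a bypass of the name check no longer yields code execution.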
171c149
<

>
\ No newline at end of file
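Review bot: This final hunk (`171c149`) is a whitespace-only change plus the `\ No newline at end of file` marker, and its `---` separator has been lost in extraction; it carries no part of the fix and should be dropped from the patch so readers are not left wondering what changed.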

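As an added illustration, not part of the advisory or of NOLA's own code, the PHP below puts the patch's substring test beside a stricter check of the kind the summary calls for: the lowercased final extension must be in an allowlist, and no dot-separated segment of the name may be a script extension, since web servers that map .php by handler can execute "photo.php.jpg". The function names, the allowlist, the script-extension list and the sample file names are assumptions made for this example.

```php
<?php
// Added example (not NOLA's code). Assumes PHP 7.0 or later.

// Extensions the web server may hand to the PHP interpreter. The patch's
// list (.php, .phps, .php3) catches .php4/.php5 only by substring accident
// and misses .phtml entirely; .phar is executed by PHP on some installs.
const SCRIPT_EXTENSIONS = ['php', 'php3', 'php4', 'php5', 'php7', 'phps', 'phtml', 'phar'];

// The patch's original test, reproduced for comparison. It used
// '$substr_count(...)', a call through an undefined variable; written as
// a plain call here so it runs, the matching logic is otherwise unchanged.
function nola_patch_allows(string $name): bool {
    $disallowedfileext = ['.php', '.phps', '.php3'];
    foreach ($disallowedfileext as $ext) {
        if (substr_count($name, $ext)) {   // case-sensitive substring match
            return false;
        }
    }
    return true;
}

// Hardened check: allowlist the final extension and refuse any inner
// segment that is a script extension; also refuse dotfiles such as
// .htaccess, which can change handler mappings if the directory is served.
function upload_name_allowed(string $name, array $allowed): bool {
    $base = basename(str_replace('\\', '/', $name));   // drop any path component
    if ($base === '' || $base[0] === '.') {
        return false;
    }
    $segments = explode('.', strtolower($base));
    if (count($segments) < 2) {
        return false;                                  // no extension at all
    }
    $final = array_pop($segments);
    if (!in_array($final, $allowed, true)) {
        return false;
    }
    foreach ($segments as $segment) {
        if (in_array($segment, SCRIPT_EXTENSIONS, true)) {
            return false;                              // e.g. photo.php.jpg
        }
    }
    return true;
}

// Name the stored file ourselves so the client never chooses the name on
// disk; only the already-validated extension is kept. Call after
// upload_name_allowed() has returned true.
function stored_name_for(string $name): string {
    $ext = strtolower(pathinfo($name, PATHINFO_EXTENSION));
    return bin2hex(random_bytes(16)) . '.' . $ext;
}

// Constructed sample names (hypothetical, not taken from the advisory).
$allowed = ['gif', 'jpg', 'jpeg', 'png', 'pdf', 'txt'];
$samples = [
    'catalog.jpg',      // benign upload
    'backdoor.php',     // caught by both checks
    'backdoor.php4',    // contains '.php', so the substring test catches it too
    'backdoor.PHP',     // the case-sensitive substr_count misses this one
    'photo.php.jpg',    // double extension
    '.htaccess',        // dotfile that can alter handler mappings
    'notes.phtml',      // not in the patch's list
];
foreach ($samples as $sample) {
    printf("%-16s patch: %-5s hardened: %s\n", $sample,
        nola_patch_allows($sample) ? 'allow' : 'deny',
        upload_name_allowed($sample, $allowed) ? 'allow' : 'deny');
}
```

Run it from the command line with php to see which names each check lets through. The allowlist should be whatever the installation actually needs; the script-extension list only matters for inner segments, since anything not in the allowlist is already refused as a final extension.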
Currently we are not aware of any vendor-supplied patches for this issue. If you feel we are in error or are aware of more recent information, please mail us at: vuldb@securityfocus.com.

References

Source: BID
Name: 5116
Link: http://www.securityfocus.com/bid/5116

Source: VULN-DEV
Name: 20020702 Re: Noguska Nola 1.1.1 [ Intranet Business Management Software ]
Link: http://marc.theaimsgroup.com/?l=vuln-dev&m=102520790718208&w=2

Source: XF
Name: nola-php-script-upload(9438)
Link: http://www.iss.net/security_center/static/9438.php

Source: VULN-DEV
Name: 20020625 Noguska Nola 1.1.1 [ Intranet Business Management Software ]
Link: http://marc.theaimsgroup.com/?l=vuln-dev&m=102511114021370&w=2
