[转帖]CmsEasy上传漏洞-茶余饭后-看雪-安全社区|安全招聘|kanxue.com

[转帖]CmsEasy上传漏洞

发表于: 2013-5-5 20:04 2862

[转帖]CmsEasy上传漏洞

oshunjian

2013-5-5 20:04

2862

新闻链接：59dK9s2c8@1M7q4)9K6b7g2)9J5c8W2)9J5c8X3u0T1M7#2)9J5k6h3A6A6j5i4y4#2L8r3g2Q4x3X3g2U0L8$3#2Q4x3V1k6X3L8%4u0#2L8g2)9J5k6i4m8Z5M7q4)9K6c8X3#2G2k6q4)9K6c8s2k6A6k6i4N6@1K9s2u0W2j5h3c8Q4x3U0k6@1K9h3c8Q4x3@1b7K6x3U0R3@1i4K6t1$3M7r3q4Y4k6g2)9K6c8o6q4Q4x3U0k6W2P5s2c8J5j5g2)9K6c8q4)9J5x3%4m8A6k6o6R3@1x3o6b7`.
新闻时间：2013.05.05
新闻正文：

近日，互联网上公布了一例关于“CmsEasy”的上传漏洞，并给出了攻击程序，经SCANV网站安全中心研究人员分析后确认，漏洞确实存在，到本文发布为止，官方还未推出任何防御补丁，该漏洞属于“0day”高危漏洞。攻击者利用该漏洞可以直接上传恶意文件，并最终导致网站被“脱裤”、“挂马”及“非法SEO”等危险。目前我们已经把漏洞细节报告给CmsEasy官方,请广大站长朋友注意留意CmsEasy官方动态，以及我们的微博，同时复查网站安全状态，启用临时安全补丁（详见下）。

关于CmsEasy
       CmsEasy是国内一款使用PHP+MySQL技术开发的企业网站程序，是国内比较常见的CMS程序之一，由于其使用广泛、用户数量大，也成为“黑客”密切关注的对象！

临时安全补丁
在\lib\tool\front_class.php文件中，第2665行左右的move_uploaded_file函数上方添加如下语句：

if (!$new_name ||!preg_match('/\.(jpg|gif|png|bmp)$/',$new_name))
{
       return false;
}

名词解释
       0day漏洞：是指已经被发现（有可能未被公开）而官方还未发布相关补丁的漏洞。
      上传漏洞：是应用程序常见的一种漏洞类型，该漏洞可以直接危及到网站数据安全从而导致网站被“脱库”，严重者甚至危及到网站服务器系统安全，属于“高危”漏洞。

关于SCANV网站安全中心及知道创宇
       “SCANV 网站安全中心“(c7aK9s2c8@1M7q4)9K6b7g2)9J5c8W2)9J5c8Y4N6%4N6#2)9J5k6i4y4U0j5h3&6$3i4K6u0W2j5$3!0E0i4K6t1&6i4K6u0o6i4@1f1%4i4K6V1@1i4@1t1I4i4@1f1%4i4K6W2r3i4@1p5#2i4@1f1&6i4K6R3I4i4K6V1K6i4@1f1#2i4K6R3^5i4K6W2n7i4@1f1#2i4@1q4q4i4K6R3%4i4@1f1#2i4@1q4q4i4K6R3&6i4@1f1#2i4K6R3#2i4@1p5^5i4@1f1%4i4@1p5H3i4K6V1@1i4@1f1%4i4@1p5&6i4@1t1$3i4@1f1#2i4K6W2n7i4@1p5J5i4@1f1&6i4K6V1^5i4K6W2r3i4@1f1&6i4@1p5&6i4@1t1I4i4@1f1#2i4K6S2m8i4@1p5^5i4K6u0o6i4K6t1$3L8X3u0K6M7q4)9K6b7W2)9J5y4X3&6T1M7%4m8Q4x3@1u0Q4c8e0c8Q4b7U0S2Q4z5e0y4Q4c8e0k6Q4b7U0y4Q4b7e0S2Q4c8e0N6Q4b7V1c8Q4z5e0q4Q4c8e0N6Q4b7f1u0Q4z5e0W2Q4c8e0g2Q4b7f1g2Q4z5o6W2Q4c8e0g2Q4z5o6g2Q4b7e0S2Q4c8e0c8Q4b7U0S2Q4z5o6m8Q4c8e0c8Q4b7V1c8Q4z5e0y4Q4c8e0g2Q4z5p5y4Q4z5e0k6Q4c8e0S2Q4b7e0N6Q4b7e0y4Q4c8e0g2Q4z5o6k6Q4b7U0y4Q4c8e0k6Q4z5e0k6Q4b7U0W2Q4c8e0k6Q4b7e0q4Q4z5o6S2Q4x3V1y4Q4c8e0N6Q4b7V1u0Q4z5e0W2Q4c8e0N6Q4b7f1u0Q4z5e0W2Q4c8e0W2Q4z5e0g2Q4b7V1k6Q4c8e0k6Q4z5f1y4Q4z5p5u0Q4c8e0g2Q4z5p5k6Q4z5p5u0Q4c8e0c8Q4b7V1u0Q4b7f1y4Q4c8e0k6Q4z5p5k6Q4z5e0m8Q4c8e0c8Q4b7V1g2Q4z5f1u0Q4c8e0N6Q4b7V1c8Q4z5e0q4Q4c8e0N6Q4b7f1u0Q4z5e0W2Q4c8e0k6Q4b7V1y4Q4z5p5k6Q4c8e0k6Q4b7U0c8Q4z5f1g2Q4c8e0S2Q4b7f1k6Q4z5p5q4Q4c8e0k6Q4z5e0k6Q4b7f1c8Q4c8e0y4Q4z5o6m8Q4z5o6q4Q4c8e0k6Q4b7V1y4Q4z5p5k6Q4c8e0k6Q4b7U0c8Q4z5f1g2Q4c8e0W2Q4b7e0u0Q4z5o6c8Q4c8e0S2Q4b7f1c8Q4b7e0k6Q4c8e0y4Q4z5o6m8Q4z5o6q4Q4c8e0S2Q4b7e0u0Q4b7f1u0Q4c8e0W2Q4b7V1u0Q4z5e0q4Q4c8e0W2Q4b7e0u0Q4z5o6c8Q4c8e0S2Q4b7f1c8Q4b7e0k6Q4x3V1y4Q4c8e0g2Q4b7U0W2Q4b7U0k6Q4x3U0k6F1j5Y4y4H3i4K6y4n7i4@1f1$3i4K6S2r3i4K6V1H3i4@1f1@1i4@1u0q4i4K6W2n7i4@1f1#2i4@1p5@1i4K6W2m8i4@1f1%4i4@1u0n7i4@1t1@1i4@1f1#2i4@1u0m8i4@1p5$3i4@1f1%4i4K6W2m8i4K6R3@1i4@1f1#2i4@1q4q4i4K6R3&6i4@1f1#2i4K6R3#2i4@1p5^5i4@1f1^5i4@1p5%4i4@1p5K6i4@1f1#2i4K6R3$3i4@1t1K6i4@1f1$3i4K6V1$3i4@1t1&6i4@1f1$3i4@1p5I4i4K6R3^5i4@1f1K6i4K6R3H3i4K6R3I4i4@1f1@1i4@1t1^5i4K6V1K6i4@1f1#2i4@1q4q4i4@1t1$3i4@1f1@1i4@1t1^5i4K6R3H3i4@1f1#2i4@1q4r3i4@1t1&6i4@1f1@1i4@1t1^5i4K6R3H3i4@1f1$3i4@1u0o6i4K6S2r3i4@1f1$3i4@1t1@1i4K6W2q4i4@1f1@1i4@1u0r3i4@1q4q4i4@1f1#2i4@1p5@1i4K6S2p5i4@1f1K6i4K6R3H3i4K6R3I4i4@1f1@1i4@1t1^5i4K6R3H3i4@1f1&6i4K6V1@1i4@1q4q4i4@1f1@1i4@1u0m8i4K6V1I4i4@1f1%4i4@1q4n7i4@1q4r3i4@1f1&6i4K6V1^5i4@1t1J5i4@1f1#2i4@1u0q4i4@1p5I4i4@1f1%4i4@1q4p5i4K6R3&6i4@1f1K6i4K6R3H3i4K6R3J5
       "知道创宇" (f36K9s2c8@1M7q4)9K6b7g2)9J5c8W2)9J5c8Y4N6%4N6#2)9J5k6h3E0F1L8%4N6F1M7$3g2U0i4K6u0W2j5$3!0E0i4K6t1&6i4@1f1#2i4K6R3#2i4@1p5^5i4@1f1%4i4@1p5%4i4@1t1H3i4@1f1@1i4@1t1^5i4@1u0m8i4@1f1#2i4K6S2o6i4K6V1%4i4@1f1@1i4@1u0m8i4@1q4o6i4@1f1%4i4K6W2r3i4@1p5#2i4@1f1&6i4K6R3I4i4K6V1K6i4@1f1#2i4K6R3^5i4K6W2n7i4@1f1#2i4@1q4q4i4K6R3%4i4@1f1@1i4@1u0r3i4@1p5I4i4@1f1$3i4K6R3I4i4@1q4r3i4@1f1$3i4K6S2m8i4K6R3H3i4@1f1$3i4K6W2o6i4@1q4r3i4@1f1$3i4K6W2o6i4K6R3&6i4@1f1&6i4K6V1&6i4K6V1H3i4@1f1#2i4K6R3#2i4@1q4o6i4@1f1#2i4K6S2r3i4@1t1^5i4@1f1K6i4K6R3H3i4K6R3J5i4@1f1$3i4K6V1^5i4@1q4r3i4K6t1$3L8X3u0K6M7q4)9K6b7W2!0q4y4g2)9&6b7W2!0n7c8q4!0q4y4g2)9^5y4W2)9^5y4g2!0q4y4W2)9&6b7#2)9^5x3q4!0q4y4W2)9&6y4#2!0m8z5g2!0q4y4W2)9^5c8W2)9&6x3q4!0q4y4g2)9^5y4#2!0n7b7g2!0q4y4#2!0n7c8q4)9&6x3g2!0q4y4#2!0m8b7W2)9&6z5g2!0q4y4g2!0m8c8g2)9^5z5g2!0q4y4g2)9^5y4g2!0m8z5q4!0q4y4q4!0n7b7g2)9&6x3g2!0q4y4#2)9&6b7W2)9&6x3g2!0q4y4W2!0n7y4g2)9^5b7W2!0q4y4g2)9^5c8W2)9^5b7g2!0q4y4q4!0n7b7g2)9&6x3g2!0q4z5g2)9&6z5q4!0n7x3W2!0q4y4g2!0n7c8g2!0m8x3g2!0q4y4#2)9&6b7g2)9^5y4q4!0q4z5g2!0m8b7W2)9&6z5q4!0q4y4W2)9&6y4W2!0n7x3q4!0q4y4q4!0n7b7#2)9^5x3g2!0q4y4q4!0n7z5q4)9&6b7g2)9J5b7#2!0q4y4g2!0m8y4#2)9^5b7W2!0q4y4#2!0n7b7W2)9^5z5q4!0q4z5q4)9^5y4#2!0n7y4q4!0q4y4g2)9^5b7g2)9&6b7W2!0q4y4q4!0n7b7g2)9^5c8g2!0q4y4q4!0n7z5q4!0n7b7g2!0q4y4g2!0m8c8g2!0m8x3W2!0q4y4W2)9^5z5q4!0n7y4#2!0q4y4W2)9^5c8W2)9&6x3q4!0q4y4q4!0n7c8g2)9&6b7W2!0q4y4g2)9&6c8W2!0n7b7g2!0q4y4q4!0n7b7g2)9^5c8g2!0q4y4q4!0n7b7g2)9&6x3g2!0q4y4W2)9^5b7g2)9^5x3q4!0q4y4W2)9&6b7#2!0m8c8W2!0q4y4W2)9&6y4q4!0m8c8W2!0q4y4W2)9&6x3W2)9&6x3g2)9J5y4X3&6T1M7%4m8Q4x3@1u0Q4c8e0N6Q4z5f1q4Q4z5o6c8Q4c8e0c8Q4b7U0S2Q4z5p5u0Q4c8e0c8Q4b7U0S2Q4z5o6m8Q4c8e0c8Q4b7V1u0Q4b7e0y4Q4x3U0k6F1j5Y4y4H3i4K6y4n7g2$3g2T1i4K6t1$3L8X3u0K6M7q4)9K6b7W2!0q4y4g2!0m8c8g2)9^5z5g2!0q4y4g2)9^5y4g2!0m8z5q4!0q4z5q4!0m8y4#2!0m8x3#2!0q4y4g2)9^5y4W2!0n7x3#2!0q4y4W2)9&6y4W2!0n7z5g2!0q4y4W2!0m8x3g2)9^5z5q4!0q4x3#2)9^5x3q4)9^5x3W2)9J5y4X3&6T1M7%4m8Q4x3@1u0Q4c8e0N6Q4z5f1k6Q4b7e0g2Q4c8e0W2Q4z5o6q4Q4z5e0y4Q4c8e0g2Q4z5o6S2Q4z5f1u0Q4c8e0g2Q4b7f1g2Q4z5o6N6Q4c8e0k6Q4z5o6m8Q4b7V1u0Q4c8e0W2Q4z5o6y4Q4b7e0S2Q4c8e0S2Q4b7f1g2Q4b7V1g2Q4c8e0g2Q4z5f1y4Q4b7e0S2Q4c8e0g2Q4z5p5y4Q4z5e0N6Q4c8e0c8Q4b7V1q4Q4b7f1y4Q4x3V1y4Q4c8e0g2Q4z5f1y4Q4b7e0S2Q4c8e0W2Q4b7e0k6Q4z5e0W2Q4c8e0k6Q4b7U0S2Q4b7f1k6Q4c8e0y4Q4z5o6m8Q4z5o6q4Q4c8e0c8Q4b7U0S2Q4z5p5q4Q4c8e0k6Q4b7U0g2Q4b7U0N6Q4c8e0y4Q4z5o6m8Q4z5o6q4Q4c8e0g2Q4b7U0W2Q4b7V1k6Q4c8e0g2Q4b7U0N6Q4z5f1g2Q4c8e0y4Q4z5o6m8Q4z5o6q4Q4c8e0k6Q4z5o6S2Q4z5e0m8Q4c8e0W2Q4z5o6y4Q4b7V1c8Q4c8e0S2Q4b7f1g2Q4b7V1g2Q4c8e0k6Q4z5f1y4Q4z5o6W2Q4c8e0g2Q4z5o6S2Q4z5o6k6Q4c8e0g2Q4z5o6g2Q4b7f1y4Q4c8e0g2Q4z5p5k6Q4b7U0S2Q4x3V1y4Q4c8e0g2Q4b7f1g2Q4b7e0u0Q4c8e0k6Q4z5o6S2Q4b7U0N6Q4c8e0g2Q4z5p5k6Q4z5p5q4Q4c8e0g2Q4z5e0m8Q4z5o6S2Q4c8e0c8Q4b7V1c8Q4z5f1y4Q4c8e0c8Q4b7V1y4Q4z5e0W2Q4c8e0c8Q4b7V1y4Q4b7U0c8Q4c8e0k6Q4z5f1c8Q4b7e0g2Q4c8e0S2Q4z5o6N6Q4b7f1q4Q4c8e0c8Q4b7U0S2Q4b7f1c8Q4c8e0g2Q4z5f1u0Q4b7V1c8Q4c8e0y4Q4z5o6m8Q4z5o6q4Q4x3U0k6F1j5Y4y4H3i4K6y4n7i4@1f1%4i4@1u0q4i4K6S2q4i4@1f1#2i4K6W2n7i4@1u0p5i4@1f1K6i4K6R3H3i4K6R3I4i4@1f1$3i4K6V1%4i4@1p5#2i4@1f1$3i4K6W2o6i4@1q4o6i4@1f1K6i4K6R3H3i4K6R3I4i4@1f1&6i4K6W2r3i4@1p5&6i4@1f1#2i4K6W2n7i4@1u0p5i4@1f1%4i4@1q4p5i4K6R3&6i4@1f1K6i4K6R3H3i4K6R3J5i4@1f1#2i4K6R3%4i4@1q4p5i4@1f1#2i4K6R3H3i4K6W2r3i4@1f1#2i4@1u0o6i4@1u0m8i4@1f1#2i4@1p5@1i4@1p5%4i4@1f1%4i4K6W2m8i4K6R3@1i4@1f1@1i4@1u0m8i4K6V1I4i4@1f1#2i4@1q4q4i4K6R3&6i4@1f1#2i4K6R3#2i4@1p5^5i4@1f1$3i4K6S2m8i4K6R3H3i4@1f1$3i4K6W2o6i4@1q4r3i4@1f1@1i4@1t1^5i4K6S2q4i4@1f1@1i4@1u0m8i4@1p5%4i4@1f1#2i4K6V1K6i4K6R3I4i4@1f1%4i4K6W2m8i4K6R3@1i4@1f1&6i4@1q4n7i4K6V1^5i4@1f1#2i4K6S2r3i4@1q4r3i4@1f1%4i4K6V1@1i4@1p5^5i4@1f1$3i4K6R3H3i4@1p5%4i4@1f1K6i4K6R3H3i4K6R3I4i4@1f1$3i4K6V1^5i4K6V1K6i4@1f1%4i4@1q4q4i4@1p5I4i4@1f1%4i4K6V1H3i4K6R3$3i4@1f1$3i4K6R3H3i4@1p5%4i4@1f1K6i4K6R3H3i4K6R3I4i4@1f1#2i4K6V1H3i4K6R3^5i4@1f1^5i4@1p5%4i4K6R3@1i4@1f1$3i4K6R3H3i4@1p5%4i4@1f1#2i4K6V1J5i4K6S2o6i4@1f1@1i4@1t1^5i4K6W2m8i4@1f1#2i4K6S2m8i4@1p5I4i4K6t1$3L8X3u0K6M7q4)9K6b7W2!0q4z5q4!0n7c8W2)9&6c8g2!0q4y4#2!0n7b7W2!0m8c8q4!0q4y4W2)9^5x3q4!0m8y4#2!0q4x3#2)9^5x3q4)9^5x3g2!0q4y4q4!0n7b7W2!0m8y4g2!0q4y4g2)9^5c8W2)9^5b7g2!0q4y4g2)9^5b7g2!0m8z5q4!0q4y4W2)9^5x3q4)9^5x3g2!0q4y4q4!0n7c8W2)9&6c8q4!0q4z5g2)9&6b7g2)9&6b7#2!0q4y4g2)9^5y4g2!0n7x3#2!0q4z5g2)9&6y4q4!0m8c8g2)9J5y4X3&6T1M7%4m8Q4x3@1u0i4k6h3u0Q4x3U0k6F1j5Y4y4H3i4K6y4n7i4@1f1$3i4K6V1#2i4@1t1H3i4@1f1$3i4K6S2p5i4@1q4q4i4@1f1^5i4@1t1#2i4K6R3@1i4@1f1@1i4@1u0m8i4@1p5%4i4@1f1#2i4@1q4q4i4K6R3&6i4@1f1#2i4K6R3#2i4@1p5^5i4@1f1%4i4K6W2m8i4K6R3@1i4@1f1^5i4K6R3K6i4@1u0p5i4@1f1#2i4K6S2m8i4K6W2n7i4K6u0o6i4@1f1#2i4@1t1^5i4@1q4q4i4@1f1#2i4K6S2m8i4@1p5&6i4@1f1%4i4K6V1@1i4@1p5^5i4@1f1$3i4K6R3^5i4@1t1%4i4@1f1#2i4@1u0m8i4K6V1@1i4@1f1#2i4@1q4r3i4@1t1&6i4@1f1#2i4K6S2r3i4K6V1^5i4@1f1#2i4K6S2o6i4K6V1$3i4@1f1#2i4@1p5@1i4K6W2m8i4@1f1%4i4@1q4n7i4@1q4r3i4@1f1%4i4K6W2m8i4K6R3@1i4@1f1@1i4@1u0m8i4K6V1J5i4@1f1^5i4K6R3I4i4K6V1@1i4@1f1%4i4@1u0p5i4K6V1I4i4@1f1#2i4@1q4q4i4K6R3&6i4K6t1$3L8X3u0K6M7q4)9K6b7W2!0q4y4g2)9^5y4g2!0m8z5q4!0q4y4g2!0m8z5q4)9^5x3g2!0q4z5q4)9^5x3#2)9^5x3g2)9J5b7#2!0q4z5q4!0n7y4g2!0m8x3W2!0q4y4g2!0n7c8g2)9&6y4#2!0q4y4q4!0n7b7g2)9^5y4W2!0q4y4q4!0n7b7#2)9^5x3g2!0q4y4q4!0n7z5q4)9&6b7g2!0q4x3#2)9^5x3q4)9^5x3g2!0q4y4W2)9&6y4q4!0n7c8W2!0q4y4g2!0n7b7g2)9&6b7#2!0q4y4q4!0n7z5q4)9^5c8g2!0q4y4g2)9^5y4g2!0m8b7#2!0q4y4g2)9^5y4g2!0n7x3g2!0q4y4W2)9&6b7#2!0n7b7g2!0q4y4W2)9&6c8g2)9^5y4q4!0q4y4#2)9&6b7g2)9^5y4q4!0q4z5g2)9&6c8q4)9&6x3W2!0q4y4#2)9&6c8q4)9&6x3q4!0q4x3#2)9^5x3q4)9^5x3W2!0q4y4#2)9&6c8W2!0m8y4g2!0q4z5g2)9^5x3g2)9&6x3#2!0q4y4g2)9^5z5q4)9&6b7W2!0q4y4g2!0m8c8g2)9^5y4#2!0q4y4g2!0m8c8g2)9^5z5g2!0q4y4g2)9^5y4g2!0m8z5q4!0q4y4g2!0m8c8g2)9&6c8g2!0q4z5g2!0m8b7g2)9^5b7#2!0q4y4g2!0m8c8g2!0m8y4q4!0q4y4g2)9&6b7#2!0m8z5q4!0q4z5g2)9&6b7W2!0n7y4W2!0q4y4W2)9&6y4#2!0m8y4g2!0q4y4g2!0m8c8g2)9^5z5g2!0q4y4g2)9^5y4g2!0m8z5q4!0q4y4g2!0m8z5q4)9^5x3g2!0q4z5q4)9^5x3#2)9^5x3g2!0q4y4q4!0n7z5q4)9^5c8g2!0q4y4q4!0n7b7g2)9&6x3g2!0q4y4g2!0m8c8g2)9^5z5g2)9J5y4X3&6T1M7%4m8Q4x3@1u0Q4c8e0g2Q4z5o6g2Q4b7e0S2Q4c8e0k6Q4z5p5q4Q4z5o6m8Q4c8e0k6Q4z5f1y4Q4b7f1k6Q4c8e0k6Q4z5e0k6Q4b7U0W2Q4c8e0W2Q4z5f1c8Q4b7e0u0Q4c8e0N6Q4z5f1q4Q4z5o6c8Q4c8e0N6Q4b7e0m8Q4z5e0c8Q4c8e0N6Q4b7e0W2Q4b7U0k6Q4c8e0g2Q4b7V1g2Q4z5e0N6Q4c8e0g2Q4z5o6S2Q4b7U0m8Q4c8e0c8Q4b7V1q4Q4z5o6k6Q4c8e0c8Q4b7U0S2Q4z5f1q4Q4c8e0g2Q4z5o6k6Q4z5o6g2Q4c8e0N6Q4z5f1q4Q4z5o6c8Q4c8e0g2Q4b7U0W2Q4b7V1k6Q4c8e0k6Q4b7U0y4Q4z5f1u0Q4c8e0S2Q4b7f1g2Q4b7e0c8Q4c8e0g2Q4z5e0m8Q4z5p5y4Q4c8e0g2Q4b7U0W2Q4b7U0k6Q4c8e0c8Q4b7V1q4Q4b7f1u0Q4c8e0k6Q4z5f1y4Q4z5o6W2Q4c8e0k6Q4z5f1g2Q4z5o6q4Q4c8e0W2Q4b7f1u0Q4z5e0S2Q4c8e0N6Q4z5f1k6Q4b7e0g2Q4c8e0g2Q4z5e0m8Q4z5p5c8Q4c8e0g2Q4b7V1q4Q4b7e0k6Q4c8e0y4Q4z5o6m8Q4z5o6t1`.

[培训]科锐逆向工程师培训第53期2025年7月8日开班！

#资讯

收藏・0

免费・0

支持