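Xaraya Denial of Service / File Corruption Vulnerability
2008-04-09 04:17:34 Source: Internet
Published: 2005-11-30
Updated: 2005-11-30
Affected systems:
Xaraya Xaraya <=1.0.0 RC4
Description:
BUGTRAQ ID: 15623
Xaraya is an excellent content management system.
A file corruption vulnerability exists in Xaraya's use of fopen(), which may lead to denial of service. The vulnerable code in xarMLSXML2PHPBackend.php is as follows: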
...
function create($ctxType, $ctxName)
{
    assert('!empty($this->baseDir)');
    assert('!empty($this->baseXMLDir)');
    $this->fileName = $this->baseDir;
    $this->xmlFileName = $this->baseXMLDir;

    // The directory part of $ctxType is appended to both paths without validation.
    if (!ereg("^[a-z]+:$", $ctxType)) {
        list($prefix,$directory) = explode(':',$ctxType);
        if ($directory != "") {
            $this->fileName .= $directory . "/";
            $this->xmlFileName .= $directory . "/";
        }
    }

    $dirForMkDir = $this->fileName;
    if (!file_exists($dirForMkDir)) xarMLS__mkdirr($dirForMkDir, 0777);

    // $ctxName is appended without validation as well.
    $this->fileName .= $ctxName . ".php";
    $this->xmlFileName .= $ctxName . ".xml";

    $xmlFileExists = false;
    if (file_exists($this->xmlFileName)) {
        if (!($fp1 = fopen($this->xmlFileName, "r"))) {
            xarLogMessage("Could not open XML input: ".$this->xmlFileName);
        }
        $data = fread($fp1, filesize($this->xmlFileName));
        fclose($fp1);
        $xml_parser = xml_parser_create();
        xml_parse_into_struct($xml_parser, $data, $vals, $index);
        xml_parser_free($xml_parser);
        $xmlFileExists = true;
    } else {
        xarLogMessage("MLS Could not find XML input: ".$this->xmlFileName);
    }

    // Mode "w" truncates any existing file at the constructed path.
    $fp2 = @fopen ($this->fileName, "w" );
    if ($fp2 !== false) {
        fputs($fp2, '<?php'."\n");
        fputs($fp2, 'global $xarML_PHPBackend_entries;'."\n");
        fputs($fp2, 'global $xarML_PHPBackend_keyEntries;'."\n");
        if ($xmlFileExists) {
            foreach ($vals as $node) {
                if (!array_key_exists('tag',$node)) continue;
                if (!array_key_exists('value',$node)) $node['value'] = '';
                if ($node['tag'] == 'STRING') {
                    $node['value'] = str_replace('\'', '\\\'', $node['value']);
                    $start = '$xarML_PHPBackend_entries[\''.$node['value']."']";
                } elseif ($node['tag'] == 'KEY') {
                    $node['value'] = str_replace('\'', '\\\'', $node['value']);
                    $start = '$xarML_PHPBackend_keyEntries[\''.$node['value']."']";
                } elseif ($node['tag'] == 'TRANSLATION') {
                    if ($this->outCharset != 'utf-8') {
                        $node['value'] = $GLOBALS['xarMLS_newEncoding']->convert($node['value'], 'utf-8', $this->outCharset, 0);
                    }
                    $node['value'] = str_replace('\'', '\\\'', $node['value']);
                    if (!empty($node['value'])) {
                        fputs($fp2, $start . " = '".$node['value']."';\n");
                    }
                }
            }
        }
        fputs($fp2, "?>");
        fclose($fp2);
    } else {
        xarLogMessage("Could not create file: ".$this->fileName);
        global $xarML_PHPBackend_entries;
        global $xarML_PHPBackend_keyEntries;
        if ($xmlFileExists) {
            foreach ($vals as $node) {
                if (!array_key_exists('tag',$node)) continue;
                if (!array_key_exists('value',$node)) $node['value'] = '';
                if ($node['tag'] == 'STRING') {
                    $node['value'] = str_replace('\'', '\\\'', $node['value']);
                    $entryIndex = $node['value'];
...
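
The excerpt above concatenates $ctxType and $ctxName into a path and then opens that path with mode "w". One way to constrain the path before any directory is created or file is written, as an added example that is not Xaraya's code or its actual fix; the function name buildContextPath and the single-segment allow-list are assumptions:

```php
<?php
// Added example, not Xaraya code. buildContextPath() is a hypothetical name.
function buildContextPath(string $baseDir, string $ctxType, string $ctxName): string
{
    // Context type has the form "prefix:directory"; the directory may be empty.
    $parts = explode(':', $ctxType, 2);
    $directory = $parts[1] ?? '';

    // Assumption: each component is one path segment of letters, digits, '_' or '-'.
    // The D modifier stops '$' from matching before a trailing newline.
    $segment = '/^[A-Za-z0-9_-]+$/D';
    if ($directory !== '' && !preg_match($segment, $directory)) {
        throw new InvalidArgumentException('invalid context directory');
    }
    if (!preg_match($segment, $ctxName)) {
        throw new InvalidArgumentException('invalid context name');
    }

    $base = realpath($baseDir);
    if ($base === false) {
        throw new RuntimeException('base directory does not exist');
    }
    $dir = $directory === '' ? $base : $base . DIRECTORY_SEPARATOR . $directory;
    if (!is_dir($dir) && !mkdir($dir, 0750, true)) {
        throw new RuntimeException('cannot create directory');
    }

    // Defence in depth: resolve symlinks and confirm the result is still under $base.
    $real = realpath($dir);
    if ($real === false || ($real !== $base && strpos($real, $base . DIRECTORY_SEPARATOR) !== 0)) {
        throw new RuntimeException('path leaves base directory');
    }
    return $real . DIRECTORY_SEPARATOR . $ctxName . '.php';
}

// Constructed inputs, run against a throwaway directory under the system temp dir.
$base = sys_get_temp_dir() . DIRECTORY_SEPARATOR . 'mls_demo_' . getmypid();
mkdir($base, 0750, true);
$cases = [['modules:templates', 'user-main'], ['modules:../..', 'x'], ['modules:', '../index']];
foreach ($cases as [$type, $name]) {
    try {
        echo 'ok: ', buildContextPath($base, $type, $name), "\n";
    } catch (Exception $e) {
        echo "rejected ($type, $name): ", $e->getMessage(), "\n";
    }
}
```

The allow-list check runs before mkdir(), so a rejected component never causes a directory to be created, and the directory mode is 0750 rather than the 0777 used in the excerpt.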