2. Clearing the security vulnerabilities and upgrading the forum version

1. phpBB2 below 2.0.11: vulnerability analysis and cleanup

phpBB2 is a forum written in the PHP scripting language. Versions below 2.0.11 have a serious vulnerability: viewtopic.php allows remote command execution.
viewtopic.php is the phpBB2 script used to display the content of a post. Through this vulnerability an attacker can run arbitrary code on the server. Net-Worm.Perl.Santy.a is a worm written in Perl that exploits this phpBB2 flaw to execute system commands on the host; once it has broken in and is running, it sends search requests to Google to find further hosts it can attack. If you run a phpBB2 version below 2.0.11 you need to patch the forum and remove the worm.

(1) Cleanup steps. Open viewtopic.php and, in front of the following block, add the line $topic_id = $post_id = false; so that both variables start out as false instead of whatever value a request variable may already have put into scope:

    $topic_id = $post_id = false;
    if ( isset($HTTP_GET_VARS[POST_TOPIC_URL]) )
    {
        $topic_id = intval($HTTP_GET_VARS[POST_TOPIC_URL]);
    }
    elseif ( isset($HTTP_GET_VARS['topic']) )
    {
        $topic_id = intval($HTTP_GET_VARS['topic']);
    }

Also in viewtopic.php, replace this code:

    $join_sql_table = (!isset($post_id)) ? '' : ', ' . POSTS_TABLE . " p, " . POSTS_TABLE . " p2";
    $join_sql = (!isset($post_id)) ? " t.topic_id = $topic_id" : "p.post_id = $post_id AND t.topic_id = p.topic_id AND p2.topic_id = p.topic_id AND p2.post_id <= $post_id";
    $count_sql = (!isset($post_id)) ? '' : ", COUNT(p2.post_id) AS prev_posts";
    $order_sql = (!isset($post_id)) ? '' : "GROUP BY p.post_id, t.topic_id, t.topic_title, t.topic_status, t.topic_replies, t.topic_time, t.topic_type, t.topic_vote, t.topic_last_post_id, f.forum_name, f.forum_status, f.forum_id, f.auth_view, f.auth_read, f.auth_post, f.auth_reply, f.auth_edit, f.auth_delete, f.auth_sticky, f.auth_announce, f.auth_pollcreate, f.auth_vote, f.auth_attachments ORDER BY p.post_id ASC";

with:

    $join_sql_table = (empty($post_id)) ? '' : ', ' . POSTS_TABLE . " p, " . POSTS_TABLE . " p2";
    $join_sql = (empty($post_id)) ? " t.topic_id = $topic_id" : "p.post_id = $post_id AND t.topic_id = p.topic_id AND p2.topic_id = p.topic_id AND p2.post_id <= $post_id";
    $count_sql = (empty($post_id)) ? '' : ", COUNT(p2.post_id) AS prev_posts";
    $order_sql = (empty($post_id)) ? '' : "GROUP BY p.post_id, t.topic_id, t.topic_title, t.topic_status, t.topic_replies, t.topic_time, t.topic_type, t.topic_vote, t.topic_last_post_id, f.forum_name, f.forum_status, f.forum_id, f.auth_view, f.auth_read, f.auth_post, f.auth_reply, f.auth_edit, f.auth_delete, f.auth_sticky, f.auth_announce, f.auth_pollcreate, f.auth_vote, f.auth_attachments ORDER BY p.post_id ASC";

The change from !isset() to empty() goes together with the new initialisation: isset() is true for a variable that holds false, so once $post_id starts out as false the !isset($post_id) tests would never be true and the post-count join would be taken even when no post was requested.

Then search the server for files named m1h020f (on Windows: Start > Search > Files or Folders, enter m1h020f as the file name) and delete every file found. At the time of writing this worm had no updated variants and was well under control.

2. phpBB 2.0.12: vulnerability analysis and remedy

phpBB 2.0.12 has two security vulnerabilities. One is very serious and lets any user obtain administrator rights; the other can disclose the server path. The first is in includes/sessions.php: because of the type of $sessiondata['autologinid'] and the way it is compared, a remote attacker can forge a specially crafted value so that the check which decides whether the user is legitimate always returns true, and can therefore authenticate as the administrator without knowing the password. The second is in viewtopic.php, where insufficient filtering of error messages makes path disclosure possible. The remedy is to upgrade to version 2.0.14. Steps:

1. Back up the database. phpBB2 can back up its own data: in the forum's administration control panel choose General Admin > Database Utilities: Backup, select the full backup option, and the whole forum database is backed up; see Figure 4.
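Both fixes described above come down to PHP's loose typing: the 2.0.11 patch initialises $topic_id and $post_id to false and therefore has to swap !isset($post_id) for empty($post_id), and the 2.0.12 autologinid check can be satisfied because a loosely compared value of attacker-chosen type passes ==. The following is an added example, not phpBB code: it uses simplified stand-ins for the viewtopic.php $join_sql ternary and for the session check, with constructed sample values ($topic_id = 7, an md5 of a dummy string as the stored key); hash_equals() is the hardened comparison chosen here for illustration, not something the 2.0.14 release is claimed to use.

```php
<?php
// Added example, not phpBB code: the two PHP loose-typing facts that the
// fixes above depend on. Runs stand-alone with `php example.php`.

// --- 1. Why the 2.0.11 patch changes !isset($post_id) to empty($post_id) ---
// Simplified stand-ins for the $join_sql ternary in viewtopic.php. Only the
// first part of the join condition is kept; the long GROUP BY list is omitted.

function join_sql_with_isset($post_id, int $topic_id): string
{
    return (!isset($post_id))
        ? " t.topic_id = $topic_id"
        : "p.post_id = $post_id AND t.topic_id = p.topic_id AND p2.post_id <= $post_id";
}

function join_sql_with_empty($post_id, int $topic_id): string
{
    return (empty($post_id))
        ? " t.topic_id = $topic_id"
        : "p.post_id = $post_id AND t.topic_id = p.topic_id AND p2.post_id <= $post_id";
}

// With the new line `$topic_id = $post_id = false;` a request that names no
// post leaves $post_id === false. isset() is only false for null, so the old
// test takes the "post given" branch and interpolates false as an empty string.
$topic_id = 7;        // constructed sample value
$post_id  = false;    // no post id in the request

var_dump(isset($post_id));   // the reason the old test misfires
var_dump(empty($post_id));
echo "isset version: ", join_sql_with_isset($post_id, $topic_id), "\n";
echo "empty version: ", join_sql_with_empty($post_id, $topic_id), "\n";
echo "empty version, post 42: ", join_sql_with_empty(42, $topic_id), "\n";

// --- 2. Why a loose == on autologinid can be made to succeed ---
// The cookie value is attacker-controlled, so its PHP type is attacker-controlled too.

function autologin_ok_loose($cookie_autologinid, string $stored_key): bool
{
    return $cookie_autologinid == $stored_key;   // shape of the vulnerable check
}

function autologin_ok_strict($cookie_autologinid, string $stored_key): bool
{
    // Hardened form: insist on a string and compare it in constant time.
    return is_string($cookie_autologinid)
        && hash_equals($stored_key, $cookie_autologinid);
}

$stored_key = md5('constructed-sample-key');  // stands in for the key stored for the user
$forged     = true;                           // a non-string value smuggled in via the cookie

var_dump(autologin_ok_loose($forged, $stored_key));
var_dump(autologin_ok_strict($forged, $stored_key));
var_dump(autologin_ok_strict($stored_key, $stored_key));
var_dump(autologin_ok_strict('wrong-key', $stored_key));
```

Run it with php from the command line. In the first part isset($post_id) is true although $post_id is false, so the !isset() version interpolates false as an empty string and yields the fragment "p.post_id =  AND ...", which is not valid SQL, while the empty() version takes the topic-only branch; empty() also treats 0 and "0" as empty, which is harmless here because MySQL auto-increment post ids start at 1. In the second part the loose check accepts the boolean true as equal to the stored key, because PHP converts the string to a boolean before comparing, whereas the strict check rejects anything that is not a string with exactly the stored contents.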
Figure 4: phpBB2 forum data backup. The result is a single file, phpbb_db_backup.sql, i.e. a plain SQL dump.

2. Back up the MySQL data over the network. phpBB2 itself cannot back up over the network, so use MySQL's own export/import tool, mysqldump.

(1) Local backup. Backing up with mysqldump is very simple; to back up the database phpbb_db_backup use:

    # mysqldump -u root -p phpbb_db_backup > /usr/backups/mysql/phpbb_db_backup.2005.5.6

You can also pipe the dump through gzip to compress it:

    # mysqldump -u root -p phpbb_db_backup | gzip > /usr/backups/mysql/phpbb_db_backup.2005.5.6.gz

Restore the data with the following command (decompress a .gz backup first):

    # mysql -u root -p phpbb_db_backup < /mnt/backup_share/phpbb_db_backup.2005-5-6

(2) Network backup. To place the MySQL data on a remote Windows computer, install Samba (the SMB protocol) on the Linux side. On the Windows computer create a directory (arc), share it, and give the share read and write permission. On the MySQL server create the directory /mnt/backup_share and mount the share on it:

    # mount -t smbfs -o username=cjh,password=XXXX //192.168.1.18/arc /mnt/backup_share

A password given on the command line ends up in the shell history and the process list; passing a credentials file with the credentials= mount option avoids that. Finally back up straight onto the share:

    # mysqldump -u root -p phpbb_db_backup > /mnt/backup_share/phpbb_db_backup.2005-5-6

3. Upgrade to the latest phpBB2 version.
Download phpBB-2.0.14 and extract it to a temporary directory. Back up your original data (including anything outside the database that you want to keep, such as avatars and attachments), copy your original config.php over the config.php in the temporary directory, delete the original phpBB2 installation directory, and move the new phpBB2 into /var/www/html/:

    # mv phpBB2 /var/www/html/phpbb2

Then open http://localhost/phpbb2/install/update_to_2014.php in your browser; the upgrade runs automatically, and a screen like Figure 5 means it succeeded.

Figure 5: phpBB2 version upgrade interface.

When the upgrade has finished, delete the installation files as before (so that nobody can use them to alter the system):

    # chmod 644 config.php
    # rm -rf install
    # rm -rf contrib

Then recover the data: in the administration control panel choose General Admin > Database Utilities: Restore and restore the forum data from the backup.

2. Other security measures

1. Administrator rights. If the system administrator also holds phpBB2 privileges, these may conflict with the permissions of other principals and cause unexpected errors, so it is best not to make the system administrator a moderator. Using the MySQL root account for everyday work is also insecure; use a differently named account instead. The following renames the built-in MySQL root account to cao (this changes the MySQL login name, not the operating-system user that mysqld runs as):

    # mysql -u root -p
    Enter password: xxxxxxxxx
    ...
    mysql> USE mysql;
    mysql> UPDATE user SET user = 'cao' WHERE user = 'root';
    mysql> FLUSH PRIVILEGES;
    mysql> quit
    Bye

From then on you access the MySQL database through the cao account.

2. PHP configuration security settings. phpinfo() and get_cfg_var() are useful mainly for debugging; once the LAMP installation is complete they should be disabled. Edit the line in php.ini to read:

    disable_functions = phpinfo, get_cfg_var

This prevents these functions from leaking information about the system and its services.
For other PHP and Apache security measures, see the author's article "Teach you how to use PHP to develop secure applications": http://tech.ccidnet.com/pub/article/c1113_a239881_p1.html