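Security Metrics

Time: 2013-03-23 20:01:03

Tags: security metrics pci-dss pci-compliance

When I run a Security Metrics scan for PCI compliance, I receive the following error message. Does anyone know how to resolve this?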

*Title: vulnerable web program (phpRPC) Impact: A remote attacker could execute arbitrary commands, create or overwrite files, or view files or directories on the web server.

Data Sent: POST /ie/modules/phpRPC/server.php HTTP/1.0

Host: example.com

Content-type: text/xml

Content-Length:162

<?xml version="1.0"?> <methodCall> <methodName>test.method</methodName> <params> <param> <value><base64>'));system(id);exit; </param> </params> </methodCall>

Data Received: ????<img height="1" width="1" style="border-style:none;" alt="" src="//googleads.g.doubleclick.net/pagead/viewthroughconversion/997970389/?value=0&amp;label=PlcJCKu92AQ Q1aPv2wM&amp;guid=ON&amp;script=0"/>

Resolution: 03/09/06 CVE 2006-1032 phpRPC is an xmlrpc library that uses database and rpc-protocol abstraction. It is prone to a remote code execution vulnerability because the decode() function within the rpc_decoder.php script fails to adequately sanitize user-supplied input before processing it in an eval() call.
Successful exploitation would result in arbitrary code execution in the context of the application. PHP scripts that implement the phpRPC library, such as RunCMS, are affected by this issue. RunCMS 1.1 through 1.3.a5 are affected, as is phpRPC up to 0.7.

Resolution: phpRPC is not currently being maintained. RunCMS users should upgrade to a version higher than 1.3.a5 which will hopefully include a fix.

Risk Factor: High/ CVSS2 Base Score: 7.5 (AV:N/AC:L/Au:N/C:P/I:P/A:P) CVE: CVE-2006-1032 BID: 16833*

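2 Answers:

Answer 0 (score: 6)

This is a relatively old question, but I believe this is the answer, as I ran into exactly the same problem.

Security Metrics is effectively trying to invoke the Linux command id, which would return something like uid=1000(rob) gid=1000(rob) groups=...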

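My theory is that Security Metrics is checking the response for the string uid= to see whether the code has executed on the remote server. This coincidentally matches Google's remarketing tag. E.g., in your question, the uid= part of: src="//googleads.g.doubleclick.net/pagead/viewthroughconversion/997970389/?value=0&amp;label=PlcJCKu92AQ Q1aPv2wM&amp;guid=ON&amp;script=0"

My solution was to remove the Google Remarketing tag from our 404 page entirely, rather than just commenting it out with JS or HTML comments, because the 404 page is what was being returned for the URL that was being posted to (/scripts/modules/phpRPC/server.php) to try to find the vulnerability.

I hope this helps you or anyone else who runs into this problem.

Thanks,

Rob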
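The false-positive theory in the answer above, sketched as an added example that is not part of the original answer and not the scanner's own code. It compares a bare `uid=` substring check with a check for the actual shape of `id` output. The response bodies are constructed samples, and the function names and triage labels are hypothetical.

```python
import re

# Constructed sample bodies (not captured traffic). The first mirrors the 404 page
# from the question: a remarketing pixel whose query string contains "guid=ON".
BODY_404_WITH_TAG = (
    '<html><body><h1>Not Found</h1>'
    '<img height="1" width="1" alt="" '
    'src="//googleads.g.doubleclick.net/pagead/viewthroughconversion/'
    '997970389/?value=0&amp;guid=ON&amp;script=0"/></body></html>'
)
# What a host that really ran `id` would echo back (format taken from the answer).
BODY_REAL_ID = "uid=1000(rob) gid=1000(rob) groups=1000(rob)\n"
BODY_404_CLEAN = "<html><body><h1>Not Found</h1></body></html>"

# Shape of real `id` output: uid=<number>[(<name>)] followed by gid=<number>.
# The lookbehind rejects "uid=" that is only the tail of a longer token ("guid=").
ID_OUTPUT = re.compile(r"(?<![A-Za-z0-9_])uid=\d+(\([^)\s]*\))?\s+gid=\d+")


def naive_match(body):
    """Substring test that the answer hypothesises the scanner performs."""
    return "uid=" in body


def strict_match(body):
    """True only if the body contains something shaped like `id` output."""
    return ID_OUTPUT.search(body) is not None


def triage(status, body):
    """Classify a scanner hit from the status and body returned by the probed URL."""
    if strict_match(body):
        return "investigate"            # response really looks like command output
    if naive_match(body):
        # "uid=" is present only as part of other page content, e.g. "guid=ON".
        return "likely-false-positive" if status == 404 else "review"
    return "clean"


if __name__ == "__main__":
    for name, status, body in [("404 with tag", 404, BODY_404_WITH_TAG),
                               ("real id output", 200, BODY_REAL_ID),
                               ("404 without tag", 404, BODY_404_CLEAN)]:
        print(f"{name:16} naive={naive_match(body)!s:5} -> {triage(status, body)}")
```

Re-running the same check against the probed URL after removing the tag from the 404 page should move the result from `likely-false-positive` to `clean`.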

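Answer 1 (score: 0)

This is a relatively serious issue, since an RPC service on the server is available to attackers. Without knowing the details of the system, I would not recommend a specific fix. However, the vulnerability you are seeing is most likely caused by an outdated system. You should upgrade and install all patches. If your platform has been EOLed, move to a newer version. The Common Vulnerability Enumeration has some specific information about the vulnerability identified by your scanner that may help you.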