内容安全 
大数据安全 
网络安全 
更多产品 
Dolibarr多个SQL注入漏洞(CVE-2014-7137)
发表日期:2014-11-24 16:56:24
Dolibarr多个SQL注入漏洞(CVE-2014-7137)
BugTraq-ID:71189
CVE-ID:CVE-2014-7137
发布日期:2014-11-19
更新日期:2014-11-20
受影响系统:
Dolibarr Dolibarr ERP 3.5.3
未受影响系统:
Dolibarr Dolibarr ERP 3.6.1
详细信息:
Dolibarr ERP/CRM是管理公司业务信息的软件。 Dolibarr 3.5.3及其他版本在实现上存在多个SQL注入漏洞,攻击者可利用此漏洞执行未授权数据库操作。
来源:
Jerzy Kramarz
参考信息:
http://www.securityfocus.com/archive/1/534020
测试方法:
警告以下程序(方法)可能带有攻击性,仅供安全研究与教学之用。使用者风险自负!http://[IP]/dolibarr/product/stock/fiche.php?action=edit&id=1<SQL Injection> http://[IP]/dolibarr/product/stock/liste.php?sref=55<SQL Injection>&token=142abe4c1c4b84c3d0c81533c3840cc4&sall=55 http://[IP]/dolibarr/product/stock/liste.php?sref=555-555-0199 (at) example (dot) c [email concealed] om&token=142abe4c1c4b84c3d0c81533c3840cc4&sall=55<SQL Injection> http://[IP]/dolibarr/projet/element.php?ref=PJ1407<SQL Injection> http://[IP]/dolibarr/projet/tasks/index.php?search_project=5<SQL Injection>bqve&button_search.x=1&button_search.y=1&mode= http://[IP]/dolibarr/compta/prelevement/demandes.php?search_societe=5<SQ L Injection>&search_facture=5&button_search.x=1&button_search.y=1 http://[IP]/dolibarr/comm/mailing/liste.php?sref=5<SQL Injection>&sall=5&x=1&y=1 http://[IP]/dolibarr/comm/mailing/liste.php?sref=5&sall=5<SQL Injection>&x=1&y=1 http://[IP]/dolibarr/compta/sociales/index.php?search_label=5<SQL Injection>&button_search.x=1&button_search.y=1 http://[IP]/dolibarr/compta/paiement/cheque/liste.php?sortfield=bc.numbe r<SQL Injection>&sortorder=asc&begin=& http://[IP]/dolibarr/compta/paiement/cheque/liste.php?sortfield=bc.numbe r&sortorder=asc<SQL Injection>&begin=& http://[IP]/dolibarr/compta/prelevement/rejets.php?sortfield=p.ref<SQL Injection>&sortorder=asc&begin=& http://[IP]/dolibarr/compta/prelevement/rejets.php?sortfield=p.ref&sorto rder=asc<SQL Injection>&begin=& http://[IP]/dolibarr/product/liste.php?sortfield=p.ref&sortorder=asc&beg in=&sref=&snom=&sall=&tosell=<SQL Injection>&tobuy=&type=& http://[IP]/dolibarr/product/liste.php?sortfield=p.ref&sortorder=asc&beg in=&sref=&snom=&sall=&tosell=&tobuy=<SQL Injection>&type=& http://[IP]/dolibarr/product/reassort.php?toolowstock=on&snom=5&sortorde r=ASC&sref=5&token=d638ca7f80a7ad68e2cf327a75f954a6&button_search.x=1&bu tton_search.y=1&type=&search_categ=4<SQL Injection>&sortfield=stock_physique http://[IP]/dolibarr/product/liste.php?sortfield=p.ref&sortorder=asc&beg in=&sref=&snom=&sall=&tosell=1<SQL Injection>&tobuy=&type=& http://[IP]/dolibarr/product/liste.php?sortfield=p.ref&sortorder=asc&beg in=&sref=&snom=&sall=&tosell=1&tobuy=<SQL Injection>&type=& http://[IP]/dolibarr/product/stats/commande_fournisseur.php?sortfield=c. rowid<SQL Injection>&sortorder=asc&begin=&id=2 http://[IP]/dolibarr/product/stats/commande_fournisseur.php?sortfield=c. rowid&sortorder=asc<SQL Injection>&begin=&id=2 http://[IP]/dolibarr/product/stats/contrat.php?sortfield=c.rowid<SQL Injection>&sortorder=asc&begin=&id=2 http://[IP]/dolibarr/product/stats/contrat.php?sortfield=c.rowid\'&sortor der=asc<SQL Injection>&begin=&id=2 http://[IP]/dolibarr/product/stats/facture_fournisseur.php?sortfield=s.r owid<SQL Injection>&sortorder=asc&begin=&id=2 http://[IP]/dolibarr/product/stats/facture_fournisseur.php?sortfield=s.r owid&sortorder=asc<SQL Injection>&begin=&id=2 http://[IP]/dolibarr/product/stats/propal.php?sortfield=p.rowid<SQL Injection>&sortorder=asc&begin=&id=2 http://[IP]/dolibarr/product/stats/propal.php?sortfield=p.rowid&sortorde r=asc<SQL Injection>&begin=&id=2 http://[IP]/dolibarr/product/stock/fiche.php?id=0<SQL Injection> http://[IP]/dolibarr/product/stock/info.php?id=0<SQL Injection> http://[IP]/dolibarr/product/stock/liste.phpsortfield=e.label&sortorder= asc<SQL Injection>&begin=& http://[IP]/dolibarr/product/stock/liste.php?sortfield=e.label<SQL Injection>&sortorder=asc&begin=& http://[IP]/dolibarr/product/reassort.php?toolowstock=on&snom=5&sortorde r=ASC&sref=5<SQL Injection>&token=d638ca7f80a7ad68e2cf327a75f954a6&button_search.x=1&butt on_search.y=1&type=&search_categ=4&sortfield=stock_physique http://[IP]/dolibarr/product/stock/massstockmove.php?productid=1<SQL Injection>&token=9d491e55462571d39390bd136f4f50da&id_tw=-1&action=addlin e&qty=5&id_sw=-1&addline=%D8%B1%D8%AA%D8%AE%D8%A7&search_productid=5 http://[IP]/dolibarr/product/stock/replenishorders.php?sortfield=cf.ref& sortorder=asc<SQL Injection>&begin=& http://[IP]/dolibarr/product/stock/replenishorders.php?sortfield=cf.ref< SQL Injection>&sortorder=asc&begin=& http://[IP]/dolibarr/projet/contact.php?id=1&action=deletecontact&lineid =21<SQL Injection> http://[IP]/dolibarr/projet/contact.php?id=1&action=swapstatut&ligne=21< SQL Injection> http://[IP]/dolibarr/projet/tasks/contact.php?id=1&action=swapstatut&lig ne=21<SQL Injection> http://[IP]/dolibarr/compta/recap-compta.php?socid=1<SQL Injection> http://[IP]/dolibarr/holiday/index.php?mainmenu=holiday&id=1<SQL Injection> http://[IP]/dolibarr/projet/tasks/contact.php?id=2&source=internal&token =acff06ed1720e3ec66a16918dcee2bfd&action=addcontact&type=181&contactid=2 <SQL Injection>&withproject=1 http://[IP]/dolibarr/product/stock/fiche.php?id=1<SQL Injection> http://[IP]/dolibarr/projet/contact.php?ref=PJ1407-0002<SQL Injection> http://[IP]/dolibarr/projet/ganttview.php?ref=PJ1407-0002<SQL Injection> http://[IP]/dolibarr/product/stock/fiche.php?id=1<SQL Injection> http://[IP]/dolibarr/projet/note.php?ref=PJ1407-0002<SQL Injection> http://[IP]/dolibarr/projet/tasks/contact.php?project_ref=PJ1407-0002<SQ L Injection>&withproject=1 http://[IP]/dolibarr/projet/tasks.php?ref=PJ1407-0002<SQL Injection>&mode=mine http://[IP]/dolibarr/projet/tasks/note.php?project_ref=PJ1407-0002<SQL Injection>&withproject=1 http://[IP]/dolibarr/contact/info.php?id=2<SQL Injection>&optioncss=print http://[IP]/dolibarr/societe/commerciaux.php?socid=117260852<SQL Injection>&optioncss=print http://[IP]/dolibarr/compta/dons/liste.php?statut=2<SQL Injection> http://[IP]/dolibarr/societe/rib.php?socid=1<SQL Injection>&optioncss=print http://[IP]/dolibarr/adherents/liste.php?leftmenu=members&statut=1<SQL Injection>&filter=outofdate&idmenu=9431&mainmenu=members http://[IP]/dolibarr/product/reassort.php?sortfield=p.ref&sortorder=asc& begin=&tosell=43<SQL Injection>&tobuy=&type=0&fourn_id=&snom=&sref=& http://[IP]/dolibarr/product/reassort.php?sortfield=p.ref&sortorder=asc& begin=&tosell=&tobuy=3<SQL Injection>&type=0&fourn_id=&snom=&sref=& http://[IP]/dolhttp://[IP]/dolibarr/product/index.php?leftmenu=product&t ype=0<SQL Injection>&idmenu=2819&mainmenu=products http://[IP]/dolibarr/product/stats/facture.php?sortfield=s.rowid<SQL Injection>&sortorder=asc&begin=&id=2 http://[IP]/dolibarr/product/stats/facture.php?sortfield=s.rowid&sortord er=asc<SQL Injection>&begin=&id=2 http://[IP]/dolibarr/user/index.php?sortfield=u.login&sortorder=asc&begi n=search_user=&sall=&search_statut=<SQL Injection>& http://[IP]/dolibarr/compta/bank/fiche.php?id=<SQL Injection> http://[IP]/dolibarr/compta/prelevement/liste.php?search_code=5<SQL Injection>&search_societe=5&search_ligne=5&search_bon=5&button_search.x= 1&button_search.y=1 http://[IP]/dolibarr/compta/prelevement/liste.php?search_code=5&search_s ociete=5<SQL Injection>&search_ligne=5&search_bon=5&button_search.x=1&button_search.y =1 http://[IP]/dolibarr/compta/prelevement/liste.php?search_code=5&search_s ociete=5&search_ligne=5<SQL Injection>&search_bon=5&button_search.x=1&button_search.y=1 http://[IP]/dolibarr/compta/prelevement/liste.php?search_code=5&search_s ociete=5&search_ligne=5&search_bon=5<SQL Injection>&button_search.x=1&button_search.y=1 http://[IP]/dolibarr/compta/prelevement/bons.php?sortfield=p.ref&sortord er=asc<SQL Injection>&begin=& http://[IP]/dolibarr/compta/prelevement/bons.php?sortfield=p.ref<SQL Injection>&sortorder=asc&begin=& http://[IP]/dolibarr/product/stats/commande.php?sortfield=c.rowid&sortor der=asc<SQL Injection>&begin=&id=2 http://[IP]/dolibarr/product/stats/commande.php?sortfield=c.rowid<SQL Injection>&sortorder=asc&begin=&id=2
解决办法:
厂商补丁:
Dolibarr
--------
目前厂商已经发布了升级补丁以修复这个安全问题,请到厂商的主页下载:
http://www.dolibarr.org/
https://www.portcullis-security.com/security-research-and-downloads/secu rity-advisories/cve-2014-7137/
