While running a Security Metrics scan for PCI compliance, I received the following error message. Does anyone know how to resolve this?
*Title: vulnerable web program (phpRPC) Impact: A remote attacker could execute arbitrary commands, create or overwrite files, or view files or directories on the web server.
Data Sent: POST /ie/modules/phpRPC/server.php HTTP/1.0
Host: example.com
Content-type: text/xml Content-Length:162 <?xml version="1.0"?> <methodCall> <methodName>test.method</methodName> <params> <param> <value><base64>'));system(id);exit; </param> </params> </methodCall>
Data Received: ????<img height="1" width="1" style="border- style:none;" alt="" src="//googleads.g.doubleclick.net/p agead/viewthroughconversion/997970389/?value=0&label=PlcJCKu92AQ Q1aPv2wM&guid=ON&script=0"/>
Resolution: 03/09/06 CVE 2006-1032 phpRPC is an xmlrpc library that uses database and rpc-protocol abstraction. It is prone to a remote code execution vulnerability because the decode() function within the rpc_decoder.php script fails to adequately sanitize user-supplied input before processing it in an eval() call.
Successful exploitation would result in arbitrary code execution in the context of the application. PHP scripts that implement the phpRPC library, such as RunCMS, are affected by this issue. RunCMS 1.1 through 1.3.a5 are affected, as is phpRPC up to 0.7.
Resolution: phpRPC is not currently being maintained. RunCMS users should upgrade to a version higher than 1.3.a5 which will hopefully include a fix.
Risk Factor: High/ CVSS2 Base Score: 7.5 (AV:N/AC:L/Au:N/C:P/I:P/A:P) CVE: CVE-2006-1032 BID: 16833*
Posted on 2013-09-16 21:12:27
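This is a relatively old question, but I believe this is the answer, because I had exactly the same problem.
Security Metrics is actually trying to invoke the Linux command id, which would return something like uid=1000(rob) gid=1000(rob) groups=...
My theory is that Security Metrics checks the response for the string uid= to see whether the code has been executed on the remote server. This coincides with Google's Remarketing tag. For example, in your question the uid= part is: src="//googleads.g.doubleclick.net/p agead/viewthroughconversion/997970389/?value=0&label=PlcJCKu92AQ Q1aPv2wM&guid=ON&script=0"
My solution was to remove the Google Remarketing tag from our 404 page completely, not just comment it out with JS or HTML, because it is the 404 page that is returned for the URL they post to (/scripts/modules/phpRPC/server.php) in an attempt to find the vulnerability.
I hope this helps you or anyone else who runs into this problem.
Thanks,
Rob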
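A way to triage this kind of finding, added here as an example and not part of the original answer: it compares a bare `uid=` substring check (the answerer's theory of what the scanner does, not confirmed scanner behaviour) with a pattern that requires the shape of real `id` output. The function names and both sample bodies are constructed for illustration; the first sample is abbreviated from the "Data Received" field in the question.

```python
import re

# Shape of real `id` output, e.g. "uid=1000(rob) gid=1000(rob) groups=...".
# The lookbehind rejects "uid=" that is only the tail of a longer name (guid=).
ID_OUTPUT = re.compile(r"(?<![A-Za-z0-9_])uid=\d+(?:\([^)\s]*\))?\s+gid=\d+")


def naive_hits(body, needle="uid=", context=12):
    """Return every occurrence of the bare substring with surrounding context."""
    hits = []
    start = body.find(needle)
    while start != -1:
        lo = max(0, start - context)
        hits.append(body[lo:start + len(needle) + context])
        start = body.find(needle, start + 1)
    return hits


def triage(body):
    """Classify a response body returned for the scanner's probe request."""
    if ID_OUTPUT.search(body):
        return "consistent with id output"
    if naive_hits(body):
        return "likely false positive"
    return "no match"


# Constructed sample: 404 page carrying the remarketing pixel (abbreviated).
PIXEL_404 = ('<html><body>Not Found<img height="1" width="1" alt="" '
             'src="//googleads.g.doubleclick.net/.../?value=0&guid=ON&script=0"/>'
             '</body></html>')
# Constructed sample: what a body would contain if `id` had actually run.
ID_SAMPLE = "uid=1000(rob) gid=1000(rob) groups=1000(rob)"

if __name__ == "__main__":
    for name, body in (("pixel 404", PIXEL_404), ("id sample", ID_SAMPLE)):
        print(f"{name}: {triage(body)} {naive_hits(body)}")
```

A "likely false positive" result still needs confirming that the probed path does not exist on the server and that phpRPC is not deployed anywhere on it before disputing the finding with the scanning vendor.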
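Posted on 2013-03-24 05:06:34
This is a relatively serious problem, because the RPC service on your server could be used by an attacker. Without knowing the specifics of your system, I can't recommend a specific fix. However, the vulnerability you are seeing is most likely caused by an outdated system. You should upgrade and install all patches. If your platform has already been EOLed, replace it with a new one. The Common Vulnerability Enumeration has some specific information about the vulnerability identified by your scanner that may help you.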
https://stackoverflow.com/questions/15591450