Joomla错误:“从POST / GET变量执行Shell命令”
[英]Joomla Error: “shell command execution from POST/GET variables”
问题描述
I have a hacked Joomla site and ran a program called jamss which identifies possible security threats. 
我有一个受黑的Joomla网站,并运行了一个名为jamss的程序,该程序可识别可能的安全威胁。 One of the recommendations says: 其中一项建议是:
Pattern #23 - shell command execution from POST/GET variables --> found 1 occurence(s) in file ./xxx/xxx/index.php
Details: "Found direct shell command execution getting variables from POST/GET, which is highly dangerous security flaw or a part of malicious webrootkit"
Line #: 12
But I don't understand what that means. 但是我不明白那是什么意思。 The code is referring to this line: 该代码引用此行:
defined('_JEXEC') or die('Restricted access'); <----------------------
$url = clone(JURI::getInstance());
$path = $this->baseurl.'/templates/'.$this->template;
$rel_path = $this->baseurl.'/images/stories/';
And I don't see any POST or GET variables there. 而且我在那里看不到任何POST或GET变量。 Does anyone know why this line of code would be considered a security flaw? 有谁知道为什么将这行代码视为安全漏洞?
Thanks 谢谢
1 个解决方案
解决方案1
0 已采纳 2014-02-08 14:02:40
JAMSS rule #23 checks for these php functions: JAMSS规则#23检查以下php函数:
exec|passthru|shell_exec|system|proc_|popen exec | passthru | shell_exec | system | proc_ | popen
if any is present in the script, the alert [23] will be triggered. 如果脚本中存在任何警报,则会触发警报[23]。 Possibly JAMSS doesn't report the correct line or filename, but simply run a JAMSS可能无法报告正确的行或文件名,而只是运行
grep -rE "(?:exec|passthru|shell_exec|system|proc_|popen)[\w\W\s/\*]*\([\s/\*\#\'\"\w\W\-\_]*" .
on the command line and you should see the actual files and the line numbers. 在命令行上,您应该看到实际的文件和行号。 Careful: you'll also get some extra false positives. 注意:您还会得到一些额外的误报。
声明:本站的技术帖子网页,遵循CC BY-SA 4.0协议,如果您需要转载,请注明本站网址或者原文地址。任何问题请咨询:yoyou2525@163.com.