When I run a scan with Security Metrics for PCI compliance, I get the following error message. Does anyone know how to fix this?
*Title: vulnerable web program (phpRPC) Impact: A remote attacker could execute arbitrary commands, create or overwrite files, or view files or directories on the web server.
Data Sent: POST /ie/modules/phpRPC/server.php HTTP/1.0
Host: example.com
Content-type: text/xml Content-Length:162 <?xml version="1.0"?> <methodCall> <methodName>test.method</methodName> <params> <param> <value><base64>'));system(id);exit; </param> </params> </methodCall>
Data Received: ????<img height="1" width="1" style="border- style:none;" alt="" src="//googleads.g.doubleclick.net/p agead/viewthroughconversion/997970389/?value=0&label=PlcJCKu92AQ Q1aPv2wM&guid=ON&script=0"/>
Resolution: 03/09/06 CVE 2006-1032 phpRPC is an xmlrpc library that uses database and rpc-protocol abstraction. It is prone to a remote code execution vulnerability because the decode() function within the rpc_decoder.php script fails to adequately sanitize user-supplied input before processing it in an eval() call.
Successful exploitation would result in arbitrary code execution in the context of the application. PHP scripts that implement the phpRPC library, such as RunCMS, are affected by this issue. RunCMS 1.1 through 1.3.a5 are affected, as is phpRPC up to 0.7.
Resolution: phpRPC is not currently being maintained. RunCMS users should upgrade to a version higher than 1.3.a5 which will hopefully include a fix.
Risk Factor: High/ CVSS2 Base Score: 7.5 (AV:N/AC:L/Au:N/C:P/I:P/A:P) CVE: CVE-2006-1032 BID: 16833*
Thanks,
Rob

If you haven't already, you might want to change the domain etc. in your example.
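One way to check whether the files named in the report exist under the web root, as an added example that is not part of the original post or the scanner's output: it walks a directory tree and lists any `rpc_decoder.php` plus any `server.php` inside a `phpRPC` directory. The function names and the sample tree are constructed for illustration, and treating an `eval(` call in the decoder as the marker is an assumption.

```python
import os
import re
import sys
import tempfile

# Assumption: an eval( call inside rpc_decoder.php marks the code the report describes.
EVAL_CALL = re.compile(rb"\beval\s*\(")

def find_phprpc(webroot):
    """Return sorted (relative_path, reason) pairs for phpRPC files under webroot."""
    findings = []
    for dirpath, _dirs, files in os.walk(webroot):
        in_phprpc = os.path.basename(dirpath).lower() == "phprpc"
        for name in files:
            path = os.path.join(dirpath, name)
            rel = os.path.relpath(path, webroot).replace(os.sep, "/")
            if name.lower() == "rpc_decoder.php":
                with open(path, "rb") as fh:
                    uses_eval = EVAL_CALL.search(fh.read()) is not None
                findings.append((rel, "decoder calls eval()" if uses_eval
                                 else "decoder without eval()"))
            elif in_phprpc and name.lower() == "server.php":
                findings.append((rel, "phpRPC server.php endpoint"))
    return sorted(findings)

def build_sample_tree(root):
    """Create a constructed directory tree (not real phpRPC code) for the demo."""
    samples = {
        "ie/modules/phpRPC/server.php": b"<?php // constructed stand-in\n",
        "ie/modules/phpRPC/rpc_decoder.php": b"<?php eval($decoded); // constructed\n",
        "lib/rpc_decoder.php": b"<?php // constructed, patched stand-in\n",
        "index.php": b"<?php echo 'home';\n",
    }
    for rel, body in samples.items():
        path = os.path.join(root, *rel.split("/"))
        os.makedirs(os.path.dirname(path), exist_ok=True)
        with open(path, "wb") as fh:
            fh.write(body)

if __name__ == "__main__":
    if len(sys.argv) > 1:           # scan a real web root given on the command line
        results = find_phprpc(sys.argv[1])
    else:                            # otherwise scan the constructed sample tree
        with tempfile.TemporaryDirectory() as tmp:
            build_sample_tree(tmp)
            results = find_phprpc(tmp)
    for rel, reason in results:
        print(f"{rel}: {reason}")
```

An empty result for the real web root means neither file name is present on disk, which is worth comparing against the "Data Received" field in the report before changing anything.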