IonizeCMS-V1.0.8.1-Unverified post request parameters lead to command injection #405

Open
EricFrank900528 opened this issue Apr 11, 2022 · 0 comments

EricFrank900528 commented Apr 11, 2022

1. Information

Exploit Title: IonizeCMS-V1.0.8.1-Unverified post request parameters lead to command injection
Exploit date: 11.04.2022
Exploit Author: ericfrank900528@gmail.com
Vendor Homepage: https://github.com/ionize/ionize
Affected Version: V1.0.8.1
Description: Code injection in Ionize CMS 1.0.8.1 allows attackers to execute commands remotely via a code injection request from the client.

2. Vulnerability Description

The exploit code is located in the project's application/models/lang_model.php file.
In the copy_lang_content method, the code is as follows.
The POST parameter `from` is spliced into the function content parameter of the create_function function without any processing or checking, resulting in a code injection vulnerability.
[Screenshot: copy_lang_content_source]

3. How to Exploit

Construct the attack packet to achieve the effect of executing the whoami command.
[Screenshot: copy_lang_content_prove]

4. Suggestion

Validate the parameters in the POST request to avoid code injection.

@EricFrank900528 EricFrank900528 changed the title IonizeCMS-V1.0.8.1-Unverified post request parameters lead to code injection IonizeCMS-V1.0.8.1-Unverified post request parameters lead to command injection Apr 11, 2022
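
One way to apply the suggested fix, as an added example that is not code from the issue or from the Ionize code base: the request value is checked against an allow-list and captured by a closure as data, so no PHP source is ever built from it. The names `KNOWN_LANGS`, `validate_lang`, `lang_filter` and `rows_for_lang`, the row layout and the commented `create_function` line are assumptions made for illustration.

```php
<?php
declare(strict_types=1);

// Hypothetical stand-in for the CMS's configured language codes (assumption).
const KNOWN_LANGS = ['en', 'fr', 'de'];

// Illustrative shape of the pattern the issue describes, kept as a comment
// (create_function() was deprecated in PHP 7.2 and removed in 8.0). The request
// value becomes part of PHP source text, so it is compiled as code, not data:
//   $cb = create_function('$row', 'return $row["lang"] == "' . $_POST['from'] . '";');

/** Return the language code only if it is one of the configured codes. */
function validate_lang(mixed $value, array $known = KNOWN_LANGS): string
{
    if (!is_string($value) || !in_array($value, $known, true)) {
        throw new InvalidArgumentException('unknown language code');
    }
    return $value;
}

/** Build the row filter as a closure: $from is captured as data, never parsed as code. */
function lang_filter(string $from): Closure
{
    return static fn(array $row): bool => ($row['lang'] ?? null) === $from;
}

/** Select rows in the source language after validating the request value. */
function rows_for_lang(array $rows, mixed $from): array
{
    return array_values(array_filter($rows, lang_filter(validate_lang($from))));
}

// Constructed sample data and request values.
$rows = [
    ['id' => 1, 'lang' => 'en', 'title' => 'Home'],
    ['id' => 2, 'lang' => 'fr', 'title' => 'Accueil'],
];
foreach (['en', 'en"', ['en']] as $from) {
    try {
        printf("%s -> %d row(s)\n", json_encode($from), count(rows_for_lang($rows, $from)));
    } catch (InvalidArgumentException $e) {
        printf("%s -> rejected: %s\n", json_encode($from), $e->getMessage());
    }
}
```

The strict `in_array` check also rejects array-valued parameters, which PHP accepts in POST bodies and which a loose comparison could let through.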