Skip to content

IonizeCMS-V1.0.8.1-Unverified post request parameters lead to command injection #405

Open
@EricFrank900528

Description

1.Information

Exploit Title: IonizeCMS-V1.0.8.1-Unverified post request parameters lead to command injection
Exploit date: 11.04.2022
Exploit Author: ericfrank900528@gmail.com
Vendor Homepage: https://github.com/ionize/ionize
Affect Version: V1.0.8.1
Description: Code injection in Ionize CMS 1.0.8.1 allows attackers to execute commands remotely via a code injection request from client.

2.Vulnerability Description

The exploit code is located in the project's application/models/lang_model.php file
In the copy_lang_content method, the code is as follows.
The POST parameter from is spliced into the function content parameter in the create_function function without any processing or checking, resulting in a code injection vulnerability
copy_lang_content_source

3.How to Exploit

Construct the attack packet to achieve the effect of executing the whoami command.
copy_lang_content_prove

4.Suggestion

Validate the parameters in the post request to avoid Code injection

Metadata

Assignees

No one assigned

    Labels

    No labels
    No labels

    Type

    No type

    Projects

    No projects

    Milestone

    No milestone

    Relationships

    None yet

    Development

    No branches or pull requests

    Issue actions