Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

install rce #10

Open
Inkqaqz opened this issue Nov 4, 2021 · 3 comments
Open

install rce #10

Inkqaqz opened this issue Nov 4, 2021 · 3 comments

Comments

@Inkqaqz
Copy link

Inkqaqz commented Nov 4, 2021

my env:
Version 2.5
php 5.3.29
windows

At /install.php:90,user input was saved to /system/assistants/config.inc.php causing RCE
图片
图片

Create a new database named test";phpinfo();# and then visit /instll.php to install the website
图片
Then visit /system/assistants/config.inc.php
图片
@mikaelstaer
Copy link
Owner

Let me look into this.
I know other users have had issues trying to install on local...

@mikaelstaer
Copy link
Owner

mikaelstaer commented Nov 11, 2021
edited

@chan115117 Did anything get added to the database?

You can create the config file manually by creating config.inc.php in /system/assistants/

<?php
$settings['DB_SERVER']= "mysql_server_address";
$settings['DB_NAME']= "db_name";
$settings['DB_USERNAME']= "db_username";
$settings['DB_PASSWORD']= "db_password";


$settings['COOKIE_TIME']= "604800";
$settings['COOKIE_PATH']= "/";
$settings['COOKIE_DOMAIN']= ".";


$settings['SKIN']= "starling";
?>

@dbolkensteyn
Copy link

@mikaelstaer Just to be clear, this is a security issue leading to a Remote Code Execution vulnerability. A CVE has been published a few days ago: https://nvd.nist.gov/vuln/detail/CVE-2021-43479

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Assignees
No one assigned
Labels
None yet
Projects
None yet
Milestone
No milestone
Development

No branches or pull requests
3 participants
@mikaelstaer @dbolkensteyn @Inkqaqz