# #59

Closed
chauncyman opened this issue Nov 25, 2021 · 8 comments

chauncyman commented Nov 25, 2021

PublicCMS v4.0 Value parameter has command execution vulnerability

Vulnerability Type:

command execution

Vulnerability Version:

4.0

Vulnerability location:

PublicCMS-4.0.202107.c/publiccms-parent/publiccms-core/src/main/java/com/publiccms/controller/admin/sys/SysSiteAdminController.java:249

Vulnerability Description AND recurrence:

During a manual audit of the publiccms source code, a command execution vulnerability was discovered.

Vulnerable link 1: PublicCMS-4.0.202107.c/publiccms-parent/publiccms-core/src/main/java/com/publiccms/controller/admin/sys/SysSiteAdminController.java:211

parameters is the source of taint, value:<>

Vulnerable link 2: PublicCMS-4.0.202107.c/publiccms-parent/publiccms-core/src/main/java/com/publiccms/controller/admin/sys/SysSiteAdminController.java:223

The taint is passed from parameters to cmdarray, value:<>

Vulnerable link 3: PublicCMS-4.0.202107.c/publiccms-parent/publiccms-core/src/main/java/com/publiccms/controller/admin/sys/SysSiteAdminController.java:249

RCE type risk trigger, caused by the input parameter cmdarray, value:<>

zrquan commented Jan 25, 2022

Isn't there already a restriction in place here?

sanluan closed this as completed Feb 11, 2022

Howsson commented Mar 10, 2022

Isn't this already whitelisted? Look here

@zongdeiqianxing

A vulnerability that the author has determined does not exist can still be assigned a CVE??
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-23389

0neOfU4 commented Apr 6, 2022

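This looks like something a code-audit tool scanned out; you should try it yourself before reporting. At least having a screenshot of a successful exploit would be better.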

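@zongdeiqianxing

The key thing is that a CVE was actually granted for it, which is just ridiculous.

> This looks like something a code-audit tool scanned out; you should try it yourself before reporting. At least having a screenshot of a successful exploit would be better.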

chauncyman changed the title from "Arbitrary command execution vulnerability" to "#" on Apr 6, 2022

0neOfU4 commented Apr 6, 2022

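> The key thing is that a CVE was actually granted for it, which is just ridiculous.
>
> This looks like something a code-audit tool scanned out; you should try it yourself before reporting. At least having a screenshot of a successful exploit would be better.

Rookie behavior. I'm just curious what tool was used, something like CodeQL?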

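@shellfeel

> The key thing is that a CVE was actually granted for it, which is just ridiculous.
>
> This looks like something a code-audit tool scanned out; you should try it yourself before reporting. At least having a screenshot of a successful exploit would be better.
>
> Rookie behavior. I'm just curious what tool was used, something like CodeQL?

That's right, it's CodeQL 😜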
