Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.
By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.
Already on GitHub? Sign in to your account
VERSION 1.9.13, RELEASE 2020/01/10
Open the secure boot file setup.php,the file path is /phpwcms/setup/setup.php.Then it include /phpwcms/setup/inc/setup.check.inc.php in line 24.
/phpwcms/setup/setup.php
/phpwcms/setup/inc/setup.check.inc.php
open file /phpwcms/setup/inc/setup.check.inc.php and you can see line 35.
tarck the function write_conf_file() in /phpwcms/setup/inc/setup.func.inc.php in line 119.
/phpwcms/setup/inc/setup.func.inc.php
and in line 293,it will call function write_textfile() to write the config file in line 35.
in this interface,you can input some infomation like this.
root';phpinfo();$test='a
After completing it, click Submit.It will show some error information,but you can access like this address and you can see it run the injection code.
Filtering some sensitive characters.
The text was updated successfully, but these errors were encountered:
Fixes issue #286
2f69b33
- escape single quotes to avoid code injection - block direct access to setup.conf.inc.php
Thanks, patch should solve the problem.
Sorry, something went wrong.
3f3ba14
No branches or pull requests
Test version
VERSION 1.9.13, RELEASE 2020/01/10
Code audit
setup.php code
Open the secure boot file setup.php,the file path is
/phpwcms/setup/setup.php.Then itinclude
/phpwcms/setup/inc/setup.check.inc.phpin line 24.setup.check.inc.php code
open file
/phpwcms/setup/inc/setup.check.inc.phpand you can see line 35.setup.func.inc.php code
tarck the function write_conf_file() in
/phpwcms/setup/inc/setup.func.inc.phpin line 119.and in line 293,it will call function write_textfile() to write the config file in line 35.
Testing getshell
in this interface,you can input some infomation like this.
payload
After completing it, click Submit.It will show some error information,but you can access like this address and you can see it run the injection code.
Solution
Filtering some sensitive characters.
The text was updated successfully, but these errors were encountered: