By kannthu
The "DedeCMS 5.8.1-beta - Remote Code Execution" module is designed to detect a vulnerability in the DedeCMS content management system (CMS) version 5.8.1-beta. This vulnerability allows an attacker to execute code remotely on the target system, potentially leading to unauthorized access, data modification, and information disclosure. The severity of this vulnerability is classified as critical.
This module was authored by ritikchaddha.
If successfully exploited, the "DedeCMS 5.8.1-beta - Remote Code Execution" vulnerability can have severe consequences. An attacker can execute arbitrary code on the target system, which may result in unauthorized access to sensitive information, manipulation of data, and potential compromise of the entire CMS installation.
The module works by sending a specific HTTP request to the target system. It attempts to exploit the vulnerability by constructing malicious code that is executed through template file inclusion without proper authorization. The request used by the module is as follows:
GET /plus/flink.php?dopost=save&c=cat%20/etc/passwd HTTP/1.1
Host: <hostname>
Referer: <?php "system"($c);die;/*ref
The module then applies matching conditions to determine if the vulnerability is present. The matching conditions used by this module are:
- The response body must contain the string "root:[x*]:0:0".
- The HTTP response status code must be 200.
If both matching conditions are met, the module reports the vulnerability.
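The same request shape can be searched for in web server access logs. The following is an added example, not part of the Vidoc module or of the original page; it assumes Apache/nginx Combined Log Format, and the function name flag_flink_probes and the sample log lines are constructed for illustration.

```python
import re
from urllib.parse import urlsplit, parse_qs

# Combined Log Format (assumed); quoted fields may hold escaped quotes (\").
LOG_RE = re.compile(
    r'^(?P<ip>\S+) \S+ \S+ \[(?P<time>[^\]]+)\] '
    r'"(?P<method>[A-Z]+) (?P<target>\S+) [^"]*" (?P<status>\d{3}) \S+ '
    r'"(?P<referer>(?:[^"\\]|\\.)*)" "(?P<agent>(?:[^"\\]|\\.)*)"'
)

def flag_flink_probes(lines):
    """Return one record per request matching the module's request shape."""
    hits = []
    for line in lines:
        m = LOG_RE.match(line)
        if m is None:
            continue  # not Combined Log Format; skipped rather than guessed at
        url = urlsplit(m["target"])
        query = parse_qs(url.query, keep_blank_values=True)
        on_flink = url.path.lower().endswith("/plus/flink.php")
        saving = "save" in query.get("dopost", [])
        # A genuine Referer is a URL, so a PHP open tag in it is never benign.
        php_in_referer = "<?" in m["referer"]
        if on_flink and saving and php_in_referer:
            hits.append({
                "ip": m["ip"],
                "time": m["time"],
                "c": query.get("c", [""])[0],    # decoded value of the c parameter
                "served": m["status"] == "200",  # 200 is one of the module's matchers
            })
    return hits

# Constructed sample lines (documentation IP ranges), not from a real server.
SAMPLE_LOG = [
    '203.0.113.7 - - [12/Mar/2024:10:01:02 +0000] "GET /plus/flink.php?dopost=save&c=cat%20/etc/passwd HTTP/1.1" 200 1843 "<?php \\"system\\"($c);die;/*ref" "scanner/1.0"',
    '198.51.100.4 - - [12/Mar/2024:10:02:10 +0000] "GET /plus/flink.php HTTP/1.1" 200 5120 "https://example.com/" "Mozilla/5.0"',
    '198.51.100.9 - - [12/Mar/2024:10:03:44 +0000] "POST /plus/flink.php?dopost=save HTTP/1.1" 200 312 "https://example.com/plus/flink.php" "Mozilla/5.0"',
    '203.0.113.7 - - [12/Mar/2024:10:04:00 +0000] "GET /plus/flink.php?dopost=save&c=cat%20/etc/passwd HTTP/1.1" 403 199 "<?php \\"system\\"($c);die;/*ref" "scanner/1.0"',
]

if __name__ == "__main__":
    for hit in flag_flink_probes(SAMPLE_LOG):
        print(hit)
```

A hit with "served" set to True only shows the request was answered with 200; the access log does not record the response body, so the module's second matcher cannot be confirmed from logs alone.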