You signed in with another tab or window. Reload to refresh your session.You signed out in another tab or window. Reload to refresh your session.You switched accounts on another tab or window. Reload to refresh your session.Dismiss alert
In PluXml v5.8.16 or lower, after logging in to the backend, there are any file modifications that can cause a Trojan to be written, causing RCE and posing a great threat to the server.
#829
Closed
4everwl opened this issue
Sep 12, 2024
· 4 comments
Here you can modify the theme code in the theme folder.
Request packet capture, try to modify the parameter template to: ../../index.php
What is returned at this time is the content of index.php. We try to modify the file content.
Request packet capture and change the parameter tpl to: ../../index.php
Successful echo.
Write Trojan.
get shell.
The cause of this vulnerability is that $filename is not strictly judged in the project's core/admin/parametres_edittpl.php, which allows users to splice paths to read and modify arbitrary files.
The text was updated successfully, but these errors were encountered:
That is not a trouble, why would an administrator load a trojan in its own site ? Are you of that kind yourself ?
If we follow your way of thinking, the whole administration itself is dangerous, hey, i can add a new article and even configure the CMS as I wish !
What I mean is that after logging in, the attacker obtains the login backend of the website and can use social workers or weak passwords to take down the website shell
okay, i understand but this is not specific to PluXml and why the administrator would do such a thing? If the issue is about a weak password, again this is not PluXml, but the USER. Or like i like to say, that weird thing standing in betwwen the chair and the keyboard ;)
There is a plugin that can make it harder to login, even with a weak password : https://kazimentou.fr/repo/index.php?plugin=kzOtPHP&download
But however , if both datas are stolen, or lost then found, there is nothing to be done to avoid someone else to log in. It can actually happen to any digital account one has. If i'm wrong or missed something, do not hesitate to tell me and forget my misunderstanding :)
Software Link :https://github.com/pluxml/PluXml
Website : https://pluxml.org/After
the installation is complete, log in as admin, open the page
Here you can modify the theme code in the theme folder.
Request packet capture, try to modify the parameter template to: ../../index.php
What is returned at this time is the content of index.php. We try to modify the file content.
Request packet capture and change the parameter tpl to: ../../index.php
Successful echo.
Write Trojan.
get shell.
The cause of this vulnerability is that $filename is not strictly judged in the project's core/admin/parametres_edittpl.php, which allows users to splice paths to read and modify arbitrary files.
The text was updated successfully, but these errors were encountered: