The-Secretary

install rce

Open Inkqaqz opened this issue 3 years ago • 3 comments

My env: Version 2.5, PHP 5.3.29, Windows

At /install.php:90, user input was saved to /system/assistants/config.inc.php, causing RCE.

Create a new database named test";phpinfo();# and then visit /install.php to install the website. Then visit /system/assistants/config.inc.php.

Inkqaqz avatar Nov 04 '21 08:11 Inkqaqz

Let me look into this. I know other users have had issues trying to install on local...

mikaelstaer avatar Nov 05 '21 21:11 mikaelstaer

@chan115117 Did anything get added to the database?

You can create the config file manually by creating config.inc.php in /system/assistants/

<?php
$settings['DB_SERVER']= "mysql_server_address";
$settings['DB_NAME']= "db_name";
$settings['DB_USERNAME']= "db_username";
$settings['DB_PASSWORD']= "db_password";


$settings['COOKIE_TIME']= "604800";
$settings['COOKIE_PATH']= "/";
$settings['COOKIE_DOMAIN']= ".";


$settings['SKIN']= "starling";
?>

mikaelstaer avatar Nov 11 '21 15:11 mikaelstaer

@mikaelstaer Just to be clear, this is a security issue leading to a Remote Code Execution vulnerability. A CVE was published a few days ago: https://nvd.nist.gov/vuln/detail/CVE-2021-43479

dbolkensteyn avatar Apr 08 '22 10:04 dbolkensteyn
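
The report and the config template in this thread suggest the installer builds config.inc.php by pasting form values into double-quoted PHP string literals. The following is an added example, not code from the thread or from The-Secretary: it assumes that shape for the flaw and shows a writer that escapes values with var_export(), an allowlist for the database name, and a token check on the generated file. All function names are hypothetical, and the input is constructed from the database name in the report.

```php
<?php
// Added example, not The-Secretary's code. Function names are hypothetical.
// Written to run on PHP 5.3 (array() syntax, no scalar type hints).

// Assumed shape of the flaw: the value is pasted inside a double-quoted
// PHP string literal, so a '"' in the value ends the literal early.
function render_config_unsafe(array $in) {
    $out = "<?php\n";
    foreach ($in as $key => $value) {
        $out .= "\$settings['$key']= \"$value\";\n";
    }
    return $out . "?>\n";
}

// Hardened: var_export() emits a single-quoted literal with ' and \ escaped,
// so the value cannot terminate the string it is written into.
function render_config_safe(array $in) {
    $out = "<?php\n";
    foreach ($in as $key => $value) {
        $out .= '$settings[' . var_export((string)$key, true) . ']= '
              . var_export((string)$value, true) . ";\n";
    }
    return $out . "?>\n";
}

// Defence in depth: reject database names outside a conservative allowlist
// (assumption: letters, digits, '_' and '-', at most 64 characters).
function valid_db_name($name) {
    return is_string($name)
        && preg_match('/\A[A-Za-z0-9_-]{1,64}\z/', $name) === 1;
}

// Check on generated output: a settings-only file contains no T_STRING
// tokens (bare identifiers such as function names) outside string literals.
function has_code_tokens($php) {
    foreach (token_get_all($php) as $tok) {
        if (is_array($tok) && $tok[0] === T_STRING) {
            return true;
        }
    }
    return false;
}

// Constructed input: the database name from the report.
$input = array('DB_NAME' => 'test";phpinfo();#');

var_dump(valid_db_name($input['DB_NAME']));
var_dump(has_code_tokens(render_config_unsafe($input)));
var_dump(has_code_tokens(render_config_safe($input)));
```

The same token check can be run against an existing /system/assistants/config.inc.php to spot a file that already contains injected statements.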