2025-03-28 Update From: SLTechnology News&Howtos
Shulou (Shulou.com) 06/01 Report --
Near the end of September, SeaCMS officially upgraded the SeaCMS (marine CMS) system to version 9.95. While testing its source code for website vulnerabilities, our SINE Security team found a problem that allows global variables to be overwritten. This makes privilege escalation possible in the backend: the backend security checks can be bypassed and the administrator account logged into directly. Let's analyze the details of this vulnerability:
SeaCMS is a site-building system designed mainly for Internet webmasters and small and medium-sized enterprises, developed for the rapid growth of the mobile Internet. The system automatically adapts to computer, mobile, tablet, app and other client types. The code is open source and free, and it can be further developed. Its PHP+MySQL database architecture is favored by many website operators.
Our SINE Security engineers conducted a detailed security audit of the code and found a variable override vulnerability. At first we thought this was the only place that could lead to a website vulnerability; we did not expect that this system would allow a global variable override with such a wide range of influence. The security filtering and checks elsewhere in the SeaCMS system are done well, yet this override can still be used for horizontal privilege escalation in other places, and for logging in to the backend directly with administrator privileges. The variable override sits in a function meant for security validation. At line 22 of common.php in the configuration code you can see the security validation of variables arriving via GET, POST and COOKIE requests. The code audit found that the variable override at line 34 is performed without any security restriction on the key name, which is what causes this vulnerability. This value can be used for a global variable override; both session and CFG values can be overridden.
To verify the vulnerability, we set up a local environment: download the latest version of SeaCMS and run it on Apache + PHP 5.5 + MySQL. We register an ordinary-privilege user on the front end, intercept the POST data with a packet capture tool, and override the value of cfg_user to assign administrator privileges. As long as cfg_user is not 0, the backend login state is always maintained, and visiting the backend address directly logs us in. The screenshot is as follows:
With backend administrator privileges, the usual next step is to upload a webshell. Our code security audit of the backend found another vulnerability: PHP statements can be inserted and spliced into a file, so that a Trojan (webshell) file can be written to the site. In the watermark image text function, the received value for the picture text can contain phpinfo, which is then executed, as shown below.
The vulnerability detection and full code security audit of the marine CMS website found two main issues: the global variable override vulnerability, and the backend vulnerability in which malicious PHP statements can be spliced into a file to form a webshell. For repairs, we recommend that website operators upgrade SeaCMS to the latest version and regularly change the backend address of the website as well as the administrator account password. Operators who are not familiar with security can also turn to a professional website security company to fix the website's vulnerabilities; in China, SINE Security, Kai Ming Star and Green Alliance are all quite good. Security vulnerabilities in website code appear all the time; what can be done is to update the code promptly, or to conduct regular penetration testing and vulnerability testing of the website, to ensure its safe and stable operation.
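The following is an added illustration of the defect described above, written for this article and not taken from SeaCMS's common.php: a "register request variables as globals" loop in the unrestricted form the audit describes, beside a hardened version that refuses to override configuration, session and existing state. The function names, the `$vars` array standing in for global scope, and the sample request are all constructed for the example.

```php
<?php
// Added illustration (not SeaCMS's own code). The $vars array stands in for
// global variable scope so the behaviour can be shown without touching $GLOBALS.

// Unsafe pattern: every GET/POST/COOKIE key becomes a variable, with no check on
// the key name. A request carrying cfg_user=1 therefore overwrites the
// application's own cfg_user setting, which is exactly the override described
// in the audit.
function register_request_vars_unsafe(array $request, array &$vars): void
{
    foreach ($request as $key => $value) {
        $vars[$key] = $value;   // equivalent to "$$key = $value" in global scope
    }
}

// Hardened pattern: accept only plain identifier keys, reject anything that
// names configuration (cfg_*), session/superglobal-style names (_*), GLOBALS,
// or a variable that already exists. Returns the list of rejected keys so the
// caller can log them.
function register_request_vars_safe(array $request, array &$vars): array
{
    $rejected = [];
    foreach ($request as $key => $value) {
        if (!is_string($key)
            || !preg_match('/^[A-Za-z][A-Za-z0-9_]*$/', $key)
            || preg_match('/^(cfg_|_)/i', $key)
            || strcasecmp($key, 'GLOBALS') === 0
            || array_key_exists($key, $vars)) {
            $rejected[] = $key;
            continue;
        }
        $vars[$key] = $value;
    }
    return $rejected;
}

// Constructed demonstration state and request (hypothetical values, not
// real SeaCMS configuration).
$state   = ['cfg_user' => 0, 'cfg_sitename' => 'demo'];
$request = ['cfg_user' => '1', 'page' => '2', '_SESSION' => ['admin' => true]];

$unsafe = $state;
register_request_vars_unsafe($request, $unsafe);
// The request has now decided the value of cfg_user.

$safe = $state;
$rejected = register_request_vars_safe($request, $safe);
// cfg_user keeps its original value; only "page" was accepted, and the
// rejected keys are available for logging.

var_dump($unsafe['cfg_user'], $safe['cfg_user'], $rejected);
```

Running the block shows `$unsafe['cfg_user']` carrying the request-supplied string while `$safe['cfg_user']` stays 0 and `$rejected` lists cfg_user and _SESSION. The key point for a defender is the deny-list on the key name plus the "never overwrite an existing variable" rule; a log entry for each rejected key is also a cheap detection signal for attempts against this class of bug.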
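The second finding is a code-splicing problem: an administrator-supplied setting is written into a PHP file by string concatenation. As an added illustration that is not SeaCMS's watermark code, the block below contrasts that unsafe splice with a version that serializes the value as a proper PHP literal and constrains what a caption may contain. The function names and the configuration variable name are hypothetical.

```php
<?php
// Added illustration (not SeaCMS's own code): persisting a watermark caption
// into a PHP configuration file.

// Unsafe pattern: the value is spliced into PHP source as-is. A caption that
// contains a closing quote followed by PHP code ends the string literal and
// turns the rest into executable code the next time the file is included.
function build_config_unsafe(string $watermarkText): string
{
    return "<?php\n\$cfg_watermark_text = '" . $watermarkText . "';\n";
}

// Hardened pattern: restrict the value to what a caption needs, then let
// var_export() emit a correctly escaped PHP string literal, so quotes and
// backslashes in the input can never terminate the literal.
function build_config_safe(string $watermarkText): string
{
    if (strlen($watermarkText) > 64
        || preg_match('/[\x00-\x1F\x7F]/', $watermarkText)) {
        throw new InvalidArgumentException('watermark text rejected');
    }
    return "<?php\n\$cfg_watermark_text = " . var_export($watermarkText, true) . ";\n";
}

// Returns true when the generated file contains only the one assignment
// statement, i.e. no additional PHP statements were smuggled in.
function config_is_single_assignment(string $source): bool
{
    $tokens = token_get_all($source);
    $semicolons = 0;
    foreach ($tokens as $token) {
        if ($token === ';') {
            $semicolons++;
        }
    }
    return $semicolons === 1;
}

// Constructed hostile input: closes the string literal and appends code.
$input = "logo';phpinfo();//";

$unsafe = build_config_unsafe($input);
$safe   = build_config_safe($input);

var_dump(config_is_single_assignment($unsafe));  // extra statement present
var_dump(config_is_single_assignment($safe));    // still one assignment
```

`config_is_single_assignment()` tokenizes the generated source with PHP's own tokenizer and counts statement terminators: the spliced version yields more than one, the `var_export()` version exactly one. In practice the cleaner fix is to stop storing settings as executable PHP at all and keep them in JSON or the database, but where a PHP config file must remain, `var_export()` plus input validation removes the splicing path.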