Chasing a Dream :: Pre-authenticated Remote Code Execution in | PT SWARM
Chasing aDream :: Pre-authenticated Remote Code Execution in Dedecms by Steven Seeley
Technical review of Chinese CMS “Dedecms” including its attack surface and how it differs from other applications. In the end, the author ends up with a pre-authenticated remote code execution vulnerability impacting the v5.8.1 pre-release.
Positive Technologies Offensive Team: twitter.com/ptswarm. This is the channel where we share articles/vulnerabilities/scripts/etc, not necessarily authored by us, that we find interesting...