Chasing a Dream :: Pre-authenticated Remote Code Execution in | PT SWARM

Chasing a Dream :: Pre-authenticated Remote Code Execution in Dedecms
by Steven Seeley

A technical review of the Chinese CMS “Dedecms”, covering its attack surface and how it differs from other applications. The author ends up with a pre-authenticated remote code execution vulnerability impacting the v5.8.1 pre-release.

Contents:
• Threat Modeling
• Defense in Depth
• Finding a pre-authenticated endpoint
• ShowMsg Remote Code Execution Vulnerability
• Summary
• Vulnerability Analysis
• Proof of Concept
• Reporting
• Conclusion
• References

https://srcincite.io/blog/2021/09/30/chasing-a-dream-pwning-the-biggest-cms-in-china.html