Description:
The target has a global variable override vulnerability.
1. Affected versions: DEDECMS 5.7, 5.6, 5.5.
2. Vulnerable file: /include/common.inc.php
3. The global variable initialization in DEDECMS is flawed: request parameters can arbitrarily override any global variable.
Impact:
1. Hackers can redefine database connections through this vulnerability.
2. Through this vulnerability, attackers can construct various unauthorized operations and directly write a webshell backdoor.
Temporary solution:
Find the variable registration code in /include/common.inc.php:
    foreach(Array('_GET','_POST','_COOKIE') as $_request)
    {
        // Every request key becomes a global variable of the same name
        foreach($$_request as $_k => $_v) ${$_k} = _RunMagicQuotes($_v);
    }
and change it to:
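    foreach(Array('_GET','_POST','_COOKIE') as $_request)
    {
        foreach($$_request as $_k => $_v) {
            // Reject keys that would override cfg_* settings or GLOBALS.
            // preg_match() with /i replaces eregi(), which was removed in PHP 7.
            if ( strlen($_k)>0 && preg_match('/^(cfg_|GLOBALS)/i',$_k) ){
                exit('Request var not allow!');
            }
            ${$_k} = _RunMagicQuotes($_v);
        }
    }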
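
The registration loop before and after the change, as an added example that is not DEDECMS code. It assumes a $scope array standing in for the global symbol table, a run_magic_quotes() stand-in for _RunMagicQuotes(), an exception in place of exit(), and constructed configuration and request values.

```php
<?php
// Added example: $scope stands in for the global symbol table that
// common.inc.php writes into with ${$_k}. All values are constructed.

// Hypothetical stand-in for _RunMagicQuotes(): escape strings recursively.
function run_magic_quotes($v) {
    return is_array($v) ? array_map('run_magic_quotes', $v) : addslashes((string)$v);
}

// Original behaviour: every request key becomes a variable, no checks.
function register_unchecked(array $sources, array &$scope): void {
    foreach ($sources as $params) {
        foreach ($params as $k => $v) {
            $scope[$k] = run_magic_quotes($v);
        }
    }
}

// Patched behaviour: refuse keys that start with cfg_ or GLOBALS.
// The page's fix calls exit(); an exception is used here so the demo continues.
function register_guarded(array $sources, array &$scope): void {
    foreach ($sources as $params) {
        foreach ($params as $k => $v) {
            $k = (string)$k;
            if (strlen($k) > 0 && preg_match('/^(cfg_|GLOBALS)/i', $k)) {
                throw new RuntimeException('Request var not allow!');
            }
            $scope[$k] = run_magic_quotes($v);
        }
    }
}

// Constructed configuration, as if loaded before the registration loop runs.
$config = ['cfg_dbhost' => 'localhost', 'cfg_dbname' => 'dedecms'];
// Constructed request (_GET, _POST, _COOKIE): one ordinary parameter and
// one parameter whose name matches a configuration variable.
$request = [['aid' => '12', 'cfg_dbhost' => 'db.example.invalid'], [], []];

$scope = $config;
register_unchecked($request, $scope);
echo "unchecked: cfg_dbhost = {$scope['cfg_dbhost']}\n";

$scope = $config;
try {
    register_guarded($request, $scope);
} catch (RuntimeException $e) {
    echo "guarded:   rejected ({$e->getMessage()}), cfg_dbhost = {$scope['cfg_dbhost']}\n";
}
```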