POC details: 8f5cbcd20eb48d46b144d37dad4d5b8378c71be4

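Source
Related vulnerability
Title: Qualitor security vulnerability (CVE-2023-47253)
Description: Qualitor is an application. Qualitor 8.20 and earlier versions contain a security vulnerability. An attacker can exploit it to execute arbitrary code via PHP code in the gridValoresPopHidden parameter of html/ad/adpesquisasql/request/processVariavel.php.
Description
CVE-2023-47253 | Qualitor <= 8.20 RCE
Introduction
# CVE-2023-47253
CVE-2023-47253 | Qualitor <= 8.20 RCE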

## Description
Qualitor is a platform for business process management. The system is used by various companies in Brazil, which can be identified simply by using Google dorking.

Our team identified a Remote Code Execution (RCE) vulnerability in the application that allows remote execution of PHP code, including functions such as system() and passthru().

The code below is the source of the vulnerable page, which passes the gridValoresPopHidden request parameter directly to eval(), enabling remote code execution. This occurs in the file /html/ad/adpesquisasql/request/processVariavel.php.

```php
include("../../../../configLingua.php");
header("Content-type: text/javascript; charset=".$_SESSION['A_appEncoding']);
header("Expires: Thu, 01 Jan 1990 00:00:00 GMT");

$strReturn = '';

// Vulnerable: the request parameter is evaluated as PHP code without any validation.
eval($_REQUEST['gridValoresPopHidden']);

importClass('AdPesquisaSqlVar');
$bean = new AdPesquisaSqlVarBean();

$vo = $bean->povoaVoComArray($_REQUEST);

if (in_array($_REQUEST['nmalias'],
    array('dtiniciomesatual',
          'dtfimmesatual',
          'dtiniciomespassado',
// ... (the excerpt is cut off here)
```
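Because the vulnerable path and parameter name are fixed, requests that reached this file can be hunted in web server access logs. The following Python script is an added example, not part of the original README or of Qualitor; it assumes common/combined log format, and the log lines, IP addresses and verdict labels are constructed for illustration.

```python
import posixpath
import re
from urllib.parse import parse_qs, unquote

# Path and parameter name come from the advisory above.
VULN_PATH = "/html/ad/adpesquisasql/request/processvariavel.php"
VULN_PARAM = "gridValoresPopHidden"

# Client, method, target and status of a common/combined log format entry.
LINE_RE = re.compile(
    r'^(?P<ip>\S+) .*?"(?P<method>[A-Z]+) (?P<target>\S+) HTTP/[\d.]+" (?P<status>\d{3})'
)

# Constructed sample entries (documentation IP ranges, placeholder values).
SAMPLE_LOG = """\
203.0.113.7 - - [10/Nov/2023:10:01:02 +0000] "GET /html/ad/adpesquisasql/request/processVariavel.php?gridValoresPopHidden=CONSTRUCTED_VALUE HTTP/1.1" 200 12
203.0.113.7 - - [10/Nov/2023:10:01:05 +0000] "POST /html/ad/adpesquisasql/request/processVariavel.php HTTP/1.1" 200 40
192.0.2.9 - - [10/Nov/2023:10:01:30 +0000] "GET /html/ad/adpesquisasql/request/process%56ariavel.php?gridValoresPopH%69dden=CONSTRUCTED_VALUE HTTP/1.1" 200 12
198.51.100.4 - - [10/Nov/2023:10:02:00 +0000] "GET /html/ad/adpesquisasql/request/processVariavel.php?nmalias=dtiniciomesatual HTTP/1.1" 200 88
198.51.100.4 - - [10/Nov/2023:10:02:09 +0000] "GET /index.php HTTP/1.1" 200 512
"""

def classify(line):
    """Return (verdict, ip, status) for requests to the vulnerable file, else None."""
    m = LINE_RE.match(line)
    if not m:
        return None
    raw_path, _, query = m["target"].partition("?")
    # Decode and normalise so %-encoding, '//' and '/../' do not hide the path;
    # lower-casing over-matches on purpose (case-insensitive file systems).
    path = posixpath.normpath(unquote(raw_path)).lower()
    if VULN_PATH not in path:
        return None
    if VULN_PARAM in parse_qs(query, keep_blank_values=True):
        verdict = "param-in-query"
    elif m["method"] == "POST":
        # $_REQUEST also reads the POST body, which access logs do not record.
        verdict = "body-not-logged"
    else:
        verdict = "endpoint-only"
    return verdict, m["ip"], int(m["status"])

def scan(log_text):
    """Classify every line and keep only the findings."""
    return [hit for hit in map(classify, log_text.splitlines()) if hit]

if __name__ == "__main__":
    for verdict, ip, status in scan(SAMPLE_LOG):
        print(f"{verdict:16} {ip:15} status={status}")
```

A `body-not-logged` verdict cannot be confirmed or ruled out from the access log alone, so it needs request-body evidence from a WAF, reverse proxy or packet capture.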

## Proof of Concept (POC)
Just access the URL with your PHP code in the "gridValoresPopHidden" parameter.

![image](https://github.com/user-attachments/assets/920ea96c-8a15-4ad7-9446-37d842b7a40c)

### Researchers
https://www.linkedin.com/in/xvinicius/

https://www.linkedin.com/in/hairrison-wenning-4631a4124/

- OpenXP Research Team
File snapshot

[4.0K] /data/pocs/8f5cbcd20eb48d46b144d37dad4d5b8378c71be4
└── [1.4K] README.md

0 directories, 1 file