7.5
CVSSv2

CVE-2013-1412

Published: 02/06/2014 Updated: 03/06/2014
CVSS v2 Base Score: 7.5 | Impact Score: 6.4 | Exploitability Score: 10
VMScore: 800
Vector: AV:N/AC:L/Au:N/C:P/I:P/A:P

Vulnerability Summary

DataLife Engine (DLE) 9.7 allows remote malicious users to execute arbitrary PHP code via the catlist[] parameter to engine/preview.php, which is used in a preg_replace function call with an e modifier.

Affected Products

Vendor Product Versions
DlevietDatalife Engine9.7

Exploits

## # This file is part of the Metasploit Framework and may be subject to # redistribution and commercial restrictions Please see the Metasploit # web site for more information on licensing and terms of use # metasploitcom/ ## require 'msf/core' class Metasploit3 < Msf::Exploit::Remote Rank = ExcellentRanking include Msf::Exploit ...
------------------------------------------------------------------ DataLife Engine 97 (previewphp) PHP Code Injection Vulnerability ------------------------------------------------------------------ [-] Software Link: dlevietcom/ [-] Affected Version: 97 only [-] Vulnerability Description: The vulnerable code is located in the / ...

Mailing Lists

Datalife Engine version 97 engine/previewphp bindshell exploit that binds a shell to port 4444 ...
DataLife Engine version 97 suffers from a PHP code injection vulnerability in previewphp ...

Metasploit Modules

DataLife Engine preview.php PHP Code Injection

This module exploits a PHP code injection vulnerability DataLife Engine 9.7. The vulnerability exists in preview.php, due to an insecure usage of preg_replace() with the e modifier, which allows to inject arbitrary php code, when there is a template installed which contains a [catlist] or [not-catlist] tag, even when the template isn't in use currently. The template can be configured with the TEMPLATE datastore option.

msf > use exploit/unix/webapp/datalife_preview_exec
      msf exploit(datalife_preview_exec) > show targets
            ...targets...
      msf exploit(datalife_preview_exec) > set TARGET <target-id>
      msf exploit(datalife_preview_exec) > show options
            ...show and set options...
      msf exploit(datalife_preview_exec) > exploit