CVE-2013-1412
published 2014-06-02CVE-2013-1412: DataLife Engine (DLE) 9.7 allows remote attackers to execute arbitrary PHP code via the catlist[] parameter to engine/preview.php, which is used in a…
PriorityP268high7.5CVSS 2.0
AVNACLAuNCPIPAP
EXPLOIT
EPSS
40.47%
98.5th percentile
DataLife Engine (DLE) 9.7 allows remote attackers to execute arbitrary PHP code via the catlist[] parameter to engine/preview.php, which is used in a preg_replace function call with an e modifier.
Affected
1 ranges
| Vendor | Product | Version range | Fixed in |
|---|---|---|---|
| dleviet | datalife_engine | — | — |
Detection & IOCsextracted from sources · hover to see the quote
- →Detect POST requests to /engine/preview.php containing preg_replace e-modifier injection patterns in the catlist[] parameter, specifically payloads with ')|| followed by PHP function calls such as eval(), printf(), or base64_decode(). ↗
- →Alert on POST requests to engine/preview.php where the catlist[] parameter body contains eval(base64_decode( — a strong indicator of active exploitation payload delivery. ↗
- →Exploitation requires a template containing a [catlist] or [not-catlist] tag to be installed (not necessarily active). Investigate template configurations when triaging exploitation attempts. ↗
- →The vulnerable code path is specifically at lines 249 and 253 of /engine/preview.php, where preg_replace is called with the #ies flag. Monitor file integrity of this file for unauthorized modifications. ↗
- ·Exploitation is only possible when a template containing a [catlist] or [not-catlist] tag is installed on the target instance, even if that template is not currently active. ↗
- ·The vulnerability affects DataLife Engine version 9.7 only. ↗
CVEs like this are exactly what “Exploited This Week” covers.
Every Monday: what got weaponized or added to CISA KEV in the last seven days — each CVE cross-linked to its PoC, Nuclei template, and detection rule. Free, one email a week, unsubscribe in one click.
No detection rules found.
Exploit-DB
DataLife Engine - 'preview.php' PHP Code Injection (Metasploit)
exploitdb·2013-02-01
CVE-2013-7387 DataLife Engine - 'preview.php' PHP Code Injection (Metasploit)
DataLife Engine - 'preview.php' PHP Code Injection (Metasploit)
---
##
# This file is part of the Metasploit Framework and may be subject to
# redistribution and commercial restrictions. Please see the Metasploit
# web site for more information on licensing and terms of use.
# http://metasploit.com/
##
require 'msf/core'
class Metasploit3 'DataLife Engine preview.php PHP Code Injection',
'Description' => %q{
This module exploits a PHP code injection vulnerability DataLife Engine 9.7.
The vulnerability exists in preview.php, due to an insecure usage of preg_replace()
with the e modifier, which allows to inject arbitrary php code, when the template
in use contains a [catlist] or [not-catlist] tag.
},
'Author' =>
[
'EgiX', # Vulnerability discovery
'juan vazquez' # Metasploit module
],
'L
Exploit-DB
DataLife Engine 9.7 - 'preview.php' PHP Code Injection
exploitdb·2013-01-28·CVSS 7.5
CVE-2013-7387 [HIGH] DataLife Engine 9.7 - 'preview.php' PHP Code Injection
DataLife Engine 9.7 - 'preview.php' PHP Code Injection
---
DataLife Engine 9.7 (preview.php) PHP Code Injection Vulnerability
[-] Software Link:
http://dleviet.com/
[-] Affected Version:
9.7 only.
[-] Vulnerability Description:
The vulnerable code is located in the /engine/preview.php script:
246. $c_list = implode (',', $_REQUEST['catlist']);
247.
248. if( strpos( $tpl->copy_template, "[catlist=" ) !== false ) {
249. $tpl->copy_template = preg_replace( "#\\[catlist=(.+?)\\](.*?)\\[/catlist\\]#ies", "check_category('\\1', '\\2', '{$c_list}')", $tpl->copy_template );
250. }
251.
252. if( strpos( $tpl->copy_template, "[not-catlist=" ) !== false ) {
253. $tpl->copy_template = preg_replace( "#\\[not-catlist=(.+?)\\](.*?)\\[/not-catlist\\]#ies", "check_category('\\1', '\\2', '{$c_lis
Metasploit
DataLife Engine preview.php PHP Code Injection
metasploit
DataLife Engine preview.php PHP Code Injection
DataLife Engine preview.php PHP Code Injection
This module exploits a PHP code injection vulnerability DataLife Engine 9.7. The vulnerability exists in preview.php, due to an insecure usage of preg_replace() with the e modifier, which allows to inject arbitrary php code, when there is a template installed which contains a [catlist] or [not-catlist] tag, even when the template isn't in use currently. The template can be configured with the TEMPLATE datastore option.
http://archives.neohapsis.com/archives/bugtraq/2013-01/0117.htmlhttp://dleviet.com/dle/bug-fix/3281-security-patches-for-dle-97.htmlhttp://karmainsecurity.com/KIS-2013-01http://osvdb.org/89662http://secunia.com/advisories/51971http://www.exploit-db.com/exploits/24438http://www.exploit-db.com/exploits/24444http://www.securityfocus.com/bid/57603http://archives.neohapsis.com/archives/bugtraq/2013-01/0117.htmlhttp://dleviet.com/dle/bug-fix/3281-security-patches-for-dle-97.htmlhttp://karmainsecurity.com/KIS-2013-01http://osvdb.org/89662http://secunia.com/advisories/51971http://www.exploit-db.com/exploits/24438http://www.exploit-db.com/exploits/24444http://www.securityfocus.com/bid/57603
2014-06-02
Published