Shopware createInstanceFromNamedArguments PHP Object Instantiation

Posted by deepcore on May 22, 2019 – 8:20 am

This Metasploit module exploits a php object instantiation vulnerability that can lead to remote code execution in Shopware. An authenticated backend user could exploit the vulnerability. The vulnerability exists in the createInstanceFromNamedArguments function, where the code insufficiently performs whitelist check which can be bypassed to trigger an object injection. An attacker can leverage this to deserialize an arbitrary payload and write a webshell to the target system, resulting in remote code execution. Tested on Shopware git branches 5.6, 5.5, 5.4, 5.3.

This post is under “exploit” and has no respond so far.
If you enjoy this article, make sure you subscribe to my RSS Feed.

Post a reply

You must be logged in to post a comment.

« Mac OS X Feedback Assistant Race Condition XNU Stale Pointer Use-After-Free »

:: Deepquest ::

This site contains information which could be considered illegal in some countries. It is provided here for educational use only and is not intended to be used for illegal activities.

Shopware createInstanceFromNamedArguments PHP Object Instantiation

Post a reply

Tabs Switcher

Categories

Archives

Meta

BLOGROLL