module
Shopware createInstanceFromNamedArguments PHP Object Instantiation RCE
| Disclosed |
|---|
| May 9, 2019 |
Disclosed
May 9, 2019
Description
This module exploits a php object instantiation vulnerability that can lead to RCE in
Shopware. An authenticated backend user could exploit the vulnerability.
The vulnerability exists in the createInstanceFromNamedArguments function, where the code
insufficiently performs whitelist check which can be bypassed to trigger an object injection.
An attacker can leverage this to deserialize an arbitrary payload and write a webshell to
the target system, resulting in remote code execution.
Tested on Shopware git branches 5.6, 5.5, 5.4, 5.3.
Shopware. An authenticated backend user could exploit the vulnerability.
The vulnerability exists in the createInstanceFromNamedArguments function, where the code
insufficiently performs whitelist check which can be bypassed to trigger an object injection.
An attacker can leverage this to deserialize an arbitrary payload and write a webshell to
the target system, resulting in remote code execution.
Tested on Shopware git branches 5.6, 5.5, 5.4, 5.3.
NEW
Explore Exposure Command
Confidently identify and prioritize exposures from endpoint to cloud with full attack surface visibility and threat-aware risk context.