edit-icon download-icon

[Vulnerability notice] Unlimited getshell vulnerability on the Typecho front-end

Last Updated: Apr 18, 2018

On October 25, 2017, Alibaba Cloud security intelligence center detected an arbitrary code execution vulnerability in the domestic blog software Typecho caused by deserialization. Attackers can exploit this vulnerability to run code without restrictions and obtain Webshells. This poses a high security risk.

Typecho is a PHP-based, simple, and lightweight blogging program that uses various databases such as MySQL, PostgreSQL, and SQLite to store data. Typecho is released with the GPL Version 2 license. It is an open source program that currently uses SVN for version management.

See the following for more information about the vulnerability.


CVE identifier

None

Vulnerability name

Unlimited getshell vulnerability on the Typecho front-end

Vulnerability rating

High

Vulnerability description

Attackers can use the install.php page to remotely create malicious request packets and run any code, bringing serious security risks to the business.

Condition and method of exploitation

The vulnerability can be remotely exploited through PoC.

PoC status

Published

Affected scope

Typecho < 0.9

Vulnerability detection

Check whether any affected version of Typecho is used and whether the install directory exists.

How to fix or mitigate

  • Workaround: Delete the install.php file.

  • Synchronize the official branch in time and update the code to the latest version.

  • Upgrade Typecho to Typecho 1.1 or a later version released on the official website.

Thank you! We've received your feedback.