lty628 Aidigu Deserialization Vulnerability in PHP Object Handler Remote Code Execution
Vulnerability
A critical vulnerability allowing arbitrary PHP object deserialization has been identified in lty628 Aidigu versions through 1.8.2. The issue resides in the 'checkUserCookie' function in '/application/common.php', where the 'rememberMe' cookie is deserialized without proper validation. The flaw can be exploited remotely; the vulnerability is publicly known and an exploit is available that leads to remote code execution on the server.
Impact
Exploitation of this vulnerability allows for remote code execution on the server where Aidigu is installed.
Reproduction
To reproduce this vulnerability, send a request to the 'index/setting/loginAjax' endpoint with a crafted 'rememberMe' cookie. The cookie should contain serialized data that triggers the vulnerability when the application deserializes it. The payload can be generated with a PHP script and includes object properties that execute arbitrary code when processed by the application.
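On the defensive side, the root cause described above (a 'rememberMe' cookie deserialized without validation) is removed by never handing cookie data to PHP object deserialization. The following is an added example, not Aidigu's own code: the function names, the `REMEMBER_KEY` constant and the cookie layout (base64 JSON plus an HMAC-SHA256 tag) are assumptions chosen for illustration.

```php
<?php
declare(strict_types=1);

// Hypothetical helpers for illustration; not taken from the Aidigu code base.
// Assumption: REMEMBER_KEY is a random server-side secret loaded from configuration.
const REMEMBER_KEY = 'replace-with-a-random-secret-from-config';

/** Build the cookie value: base64(JSON) . "." . hex HMAC-SHA256 of the base64 part. */
function issueRememberMe(int $uid, int $ttl = 1209600): string
{
    $body = base64_encode(json_encode(['uid' => $uid, 'exp' => time() + $ttl]));
    return $body . '.' . hash_hmac('sha256', $body, REMEMBER_KEY);
}

/** Return the user id, or null when the cookie is missing, malformed, forged or expired. */
function readRememberMe(?string $cookie): ?int
{
    if ($cookie === null || strlen($cookie) > 512 || substr_count($cookie, '.') !== 1) {
        return null;
    }
    [$body, $mac] = explode('.', $cookie);
    // Verify the tag before decoding anything; hash_equals() compares in constant time.
    if (!hash_equals(hash_hmac('sha256', $body, REMEMBER_KEY), $mac)) {
        return null;
    }
    $json = base64_decode($body, true);
    $data = $json === false ? null : json_decode($json, true);
    // JSON yields only scalars and arrays, so no class is instantiated and no
    // __wakeup()/__destruct() magic method can be reached from cookie data.
    if (!is_array($data) || !is_int($data['uid'] ?? null) || !is_int($data['exp'] ?? null)) {
        return null;
    }
    return $data['exp'] >= time() ? $data['uid'] : null;
}

// Constructed sample inputs: a valid token, a tampered token, and a
// serialized-object string of the kind an unsigned cookie could carry.
$good = issueRememberMe(42);
var_dump(readRememberMe($good));
var_dump(readRememberMe($good . 'x'));
var_dump(readRememberMe('O:8:"stdClass":0:{}'));
```

Only the first call returns a user id; the tampered and unsigned values are rejected before any decoding takes place.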
