Expression Engine 3.4.2: Code Reuse Attack

5 Dec 2016 by Hendrik Buchwald

Expression Engine

Expression Engine is a popular general purpose content management system that is used by thousands of individuals, organizations, and companies around the world. The open-source version has about 250,000 lines of code and is a medium-sized web application. In this post, we will examine a code reuse vulnerability that leads to remote code execution. This vulnerability type allows an attacker to partly control the applications logic and to chain existing code fragements.

Read More ...