
20 changes to exploits/shellcodes/ghdb

Codigo Markdown Editor v1.0.1 (Electron) - Remote Code Execution
Cmaps v8.0 - SQL injection
EasyPHP Webserver 14.1 - Multiple Vulnerabilities (RCE and Path Traversal)
File Thingie 2.5.7 - Remote Code Execution (RCE)
Intern Record System v1.0 - SQL Injection (Unauthenticated)
Jedox 2020.2.5 - Disclosure of Database Credentials via Improper Access Controls
Jedox 2020.2.5 - Remote Code Execution via Configurable Storage Path
Jedox 2020.2.5 - Remote Code Execution via Executable Groovy-Scripts
Jedox 2020.2.5 - Stored Cross-Site Scripting in Log-Module
Jedox 2022.4.2 - Code Execution via RPC Interfaces
Jedox 2022.4.2 - Disclosure of Database Credentials via Connection Checks
Jedox 2022.4.2 - Remote Code Execution via Directory Traversal
KodExplorer v4.51.03 - Pwned-Admin File-Inclusion - Remote Code Execution (RCE)
Online Pizza Ordering System v1.0 - Unauthenticated File Upload
pluck v4.7.18 - Stored Cross-Site Scripting (XSS)
Simple Task Managing System v1.0 - SQL Injection (Unauthenticated)
Ulicms-2023.1 sniffing-vicuna - Remote Code Execution (RCE)
Ulicms-2023.1 sniffing-vicuna - Stored Cross-Site Scripting (XSS)
Wolf CMS 0.8.3.1 - Remote Code Execution (RCE)
# Exploit Title: Wolf CMS 0.8.3.1 - Remote Code Execution (RCE)
# Date: 2023-05-02
# Exploit Author: Ahmet Ümit BAYRAM
# Vendor Homepage: https://wolf-cms.readthedocs.io
# Software Link: https://github.com/wolfcms/wolfcms
# Version: 0.8.3.1
# Tested on: Kali Linux

### Steps to Reproduce ###

# Firstly, go to the "Files" tab.
# Click on the "Create new file" button and create a php file (e.g: shell.php)
# Then, click on the file you created to edit it.
# Now, enter your shell code and save the file.
# Finally, go to https://localhost/wolfcms/public/shell.php

### There's your shell! ###
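
A defender-side check for the condition the steps above rely on: files created through the "Files" tab land in the web-served public/ directory and are run as PHP. This is an added example, not part of the original advisory or of Wolf CMS; the extension list, the 4 KB read window and the function names are assumptions, and the sample tree is constructed.

```python
import tempfile
from pathlib import Path

# Extensions commonly mapped to the PHP handler (assumed list; match your server).
SCRIPT_EXTS = {".php", ".phtml", ".phar", ".php5", ".php7", ".pht"}
PHP_OPEN_TAGS = (b"<?php", b"<?=")


def audit_public_dir(root):
    """Return sorted (relative_path, reason) findings for files under root."""
    findings = []
    for path in Path(root).rglob("*"):
        if not path.is_file():
            continue
        rel = path.relative_to(root).as_posix()
        # Check every suffix: "x.php.jpg" may still reach the PHP handler.
        if {s.lower() for s in path.suffixes} & SCRIPT_EXTS:
            findings.append((rel, "script-extension"))
            continue
        try:
            with path.open("rb") as fh:
                head = fh.read(4096)
        except OSError:
            findings.append((rel, "unreadable"))
            continue
        if any(tag in head for tag in PHP_OPEN_TAGS):
            findings.append((rel, "php-open-tag"))
    return sorted(findings)


def demo():
    """Audit a constructed sample tree (placeholder contents only)."""
    samples = {
        "images/logo.png": b"\x89PNG\r\n\x1a\n",
        "shell.php": b"<?php /* constructed placeholder */ ?>",
        "themes/note.txt": b"plain text",
        "images/pic.jpg": b"GIF89a<?php /* constructed placeholder */ ?>",
    }
    with tempfile.TemporaryDirectory() as root:
        for rel, data in samples.items():
            full = Path(root, rel)
            full.parent.mkdir(parents=True, exist_ok=True)
            full.write_bytes(data)
        return audit_public_dir(root)


if __name__ == "__main__":
    for rel, reason in demo():
        print(f"{reason:18} {rel}")
```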