Proof of Concept script for exploiting the RaspAP (CVE-2022-39986) vulnerability. This vulnerability allows an attacker to execute arbitrary commands on a target system through ajax/openvpn/del_ovpncfg.php API endpoint.
-
Clone this repository to your local machine:
git clone https://github.com/WhiteOwl-Pub/RaspAP-CVE-2022-39986-PoC cd RaspAP-CVE-2022-39986-PoC -
Run the exploit script:
python3 raspAP-RCE.py [target IP] [target port] [command/"command with flags"]
Example:
python3 raspAP-RCE.py 192.168.1.100 8080 "ls -la"
This PoC script is provided for educational and research purposes only. The author and contributors are not responsible for any misuse, damage, or illegal activities caused by the use of this script.