CVE-2020-24572 PoC — RaspAP 操作系统命令注入漏洞

Source

https://github.com/lb0x/cve-2020-24572

Associated Vulnerability

Title:RaspAP 操作系统命令注入漏洞 (CVE-2020-24572)
Description:RaspAP 2.5中的webconsole.php 存在安全漏洞，攻击者在认证登陆RaspAP后，通过修改相关配置信息在RaspAP宿主操作系统中执行任意命令。

Readme

# CVE-2020-24572

An issue was discovered in includes/webconsole.php in RaspAP 2.5. With authenticated access, an attacker can use a misconfigured (and virtually unrestricted) web console to attack the underlying OS running this software, and execute commands on the system including ones for uploading of files and execution of code.

File Snapshot


 [4.0K]  /data/pocs/64a5046986a3f0bb0c103d7ebe1cc8a6a6241a58
├── [2.5K]  raspap_pwn.py
└── [ 335]  README.md

0 directories, 2 files

Shenlong Bot has cached this for you

Remarks

1. It is advised to access via the original source first.

2. If the original source is unavailable, please email f.jinxu#gmail.com for a local snapshot (replace # with @).

3. Shenlong has snapshotted the POC code for you. To support long-term maintenance, please consider donating. Thank you for your support.