
CVE-2021-31630 PoC — OpenPLC Code Injection Vulnerability

Associated Vulnerability
Title: OpenPLC Code Injection Vulnerability (CVE-2021-31630)
Description: OpenPLC is an open-source programmable logic controller that provides a low-cost industrial solution for automation and research. OpenPLC v3 contains a code injection vulnerability that stems from the Hardware Layer Code Box component on the /hardware page of the product's web service failing to filter special characters in its input. An attacker can exploit this vulnerability to execute system commands.
Description
OpenPLC 3 WebServer Authenticated Remote Code Execution.
Readme
# CVE-2021-31630
OpenPLC 3 WebServer Authenticated Remote Code Execution.

## Description
A command injection flaw in the OpenPLC Webserver v3 allows authenticated remote attackers to run arbitrary code through the "Hardware Layer Code Box" component on the application's "/hardware" page.
Only tested against the Wifinetictwo.htb machine from Hack The Box.

## Usage
```
usage: openplc_exploit.py [-h] [--usage] --ip ADDR --port PORT --target URL -U USER -P PASSWORD
                          [--payload-program PAYLOAD_PROGRAM]

options:
  -h, --help            show this help message and exit
  --usage               show usage message
  --ip ADDR             ip address for the reverse connection
  --port PORT           port number to the reverse connection
  --target URL          target url. Example: http://localhost:8080
  -U USER, --username USER
                        username to log in to openplc web server
  -P PASSWORD, --password PASSWORD
                        password to log in to openplc web server
  --payload-program PAYLOAD_PROGRAM
                        structured text openplc format to send to /upload-program
```

## References
- [CVE-2021-31630](https://www.clouddefense.ai/cve/2021/CVE-2021-31630)
File Snapshot

```
[4.0K] /data/pocs/6ffe2785811eb367e72aa57456d60f87c7653dad
├── [9.2K] exploit.py
└── [1.2K] README.md

0 directories, 2 files
```