Goal Reached Thanks to every supporter — we hit 100%!

Goal: 1000 CNY · Raised: 1000 CNY

100.0%
Buy Us a Coffee

CVE-2020-24572 PoC — RaspAP 操作系统命令注入漏洞

Source
https://github.com/gerbsec/CVE-2020-24572-POC
Associated Vulnerability
Title:RaspAP 操作系统命令注入漏洞 (CVE-2020-24572)
Description:RaspAP 2.5中的webconsole.php 存在安全漏洞,攻击者在认证登陆RaspAP后,通过修改相关配置信息在RaspAP宿主操作系统中执行任意命令。
Description
An issue was discovered in includes/webconsole.php in RaspAP 2.5. With authenticated access, an attacker can use a misconfigured (and virtually unrestricted) web console to attack the underlying OS running this software, and execute commands on the system including ones for uploading of files and execution of code.
Readme
# CVE-2020-24572-POC
An issue was discovered in includes/webconsole.php in RaspAP 2.5. With authenticated access, an attacker can use a misconfigured (and virtually unrestricted) web console to attack the underlying OS running this software, and execute commands on the system including ones for uploading of files and execution of code.
This is a remake of https://github.com/lb0x/cve-2020-24572.
If you wish to use the original click on their link.

I added payload options, and didn't limit the exploit to the hopes of having sudo rights on executing /etc/raspap/lighttpd/configport.sh
I think anyone can do sudo -l and exploit it incase it's there.
Like always this is for education purposes only.
File Snapshot

 [4.0K]  /data/pocs/7c9c9c685e471232473cdbdd550283106a7deafe
├── [2.9K]  exploit.py
├── [ 34K]  LICENSE
└── [ 702]  README.md

0 directories, 3 files
Shenlong Bot has cached this for you
Remarks
    1. It is advised to access via the original source first.
    2. If the original source is unavailable, please email f.jinxu#gmail.com for a local snapshot (replace # with @).
    3. Shenlong has snapshotted the POC code for you. To support long-term maintenance, please consider donating. Thank you for your support.