This repository contains a Python script to exploit two vulnerabilities: CVE-2019-18818 and CVE-2019-19609.# Exploits for CVE-2019-18818 and CVE-2019-19609
This repository contains a Python script to exploit two vulnerabilities: CVE-2019-18818 and CVE-2019-19609.
## CVE-2019-18818
This vulnerability allows an attacker to reset the password of an admin user in the Strapi CMS.
### Usage
1. Modify the `target` and `strapi_port` variables in the script to match the target Strapi instance.
2. Run the script to reset the admin password.
## CVE-2019-19609
This vulnerability allows an attacker to execute arbitrary commands on the server running Strapi CMS.
### Usage
1. Modify the `local_ip` and `local_port` variables in the script to match your local machine's IP and desired port for the reverse shell.
2. Ensure you have a netcat listener running on the specified port: `nc -lvnp <local_port>`.
3. Run the script to send the remote shell payload.
## Disclaimer
This script is intended for educational purposes only. Use it at your own risk. The author is not responsible for any damage caused by this script.
## Requirements
- Python 3
- `requests` library
- `pwntools` library
### Installation
```bash
pip install requests pwntools
```
[4.0K] /data/pocs/cf67cc6adb8e0231166bcad24812c905a12dd60d
├── [1.5K] CVE-2019-18818_CVE-2019-19609.py
└── [1.1K] README.md
0 directories, 2 files