CVE-2018-17553 PoC — Naviwebs Navigate CMS Security Vulnerability

Associated Vulnerability
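Title: Naviwebs Navigate CMS Security Vulnerability (CVE-2018-17553)
Description: Naviwebs Navigate CMS is an open-source content management system (CMS). A security vulnerability exists in the navigate_upload.php file in Naviwebs Navigate CMS version 2.8. An attacker can exploit this vulnerability to execute code by sending a specially crafted POST request.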
Description
CVE-2018-17553 PoC
Readme
# CVE-2018-17553
CVE-2018-17553 PoC (Navigate CMS version 2.8 and prior)

This proof of concept was put together when working on the Black Pearl box from TCM.  I couldn't find anyone that put out a PoC other than just using Metasploit.  As I'm avoiding Metasploit in my hacking journey to then go back and do everything all over again with it, I whipped this together quickly for anyone else in the same boat.

This PoC assumes that you've already manually exploited CVE-2018-17552 to gain access (or have gained access in some other fashion).

I currently do not have the script performing any validation of your input or error checking of the results spit back out by cURL.  It's up to you to understand what you're doing and to put in a modicum of work if it fails.

Obviously, this requires that you have cURL installed on whatever machine you run this from.

The original intended use was to load a PHP webshell, but realistically, you can upload any file that will then become a PHP page.
File Snapshot

[4.0K] /data/pocs/e60fa991602f50d9db8b233e1071395a92d31e6b
├── [ 34K] LICENSE
├── [1.7K] poc.sh
└── [ 995] README.md

0 directories, 3 files