Skip to content

ArianeBlow/CVE-2021-27513-CVE-2021-27514

BranchesTags

Folders and files

NameName
Last commit message
Last commit date

Latest commit

 

History

4 Commits
PoC-BruteForceID-arbitraty-file-upload-RCE-PrivEsc.py
PoC-BruteForceID-arbitraty-file-upload-RCE-PrivEsc.py
 
 
README.md
README.md
 
 

Repository files navigation

exploit-eyesofnetwork Version 5.3.5 up to 5.3.10

CVE-2021-27513 / CVE-2021-27514

#The brute-forcing can take a very long time on non production environement cause "session_id" is created at every login (but every session_id generated by the app are valide)
#for the PoC i deployed an EyesOfNetwork solution and I've simulate an daily use with 300 login (on production environement, I've found 230 entry in de "sessions" table in 3 months) 
#All session-id are created with only 8 to 10 DIGIT, so, that's easy on production environement to break one of them...
#For testing usage, change de "sessid" in the line .43 with an approached value of valide session_id (you find this in your cookie section or in eonweb database - "sessions_id" table (login:eonweb password:root66 on every instance of eyesofnetwork))

#Note : You can not upload more than 1 file withe the same name and the same URL, if the exploit fail, you have to edit the requests with another URL and filename (Orginal file name:shell2.xml.php original URL:https://ImSo.Famous)

About

No description, website, or topics provided.

Resources

Readme
Activity

Stars

0 stars

Watchers

2 watching

Forks

1 fork
Report repository

Releases

No releases published

Packages

 
 
 

Languages