Skip to content

Latest commit

 

History

History

CVE-2018-19423-Exploit

Folders and files

NameName
Last commit message
Last commit date

parent directory

..
 
 
 
 

CVE-2018-19423-Exploit

Exploit Title: Codiad 2.8.4 - Remote Code Execution (Authenticated)

CVE description:

Codiad 2.8.4 allows remote authenticated administrators to execute arbitrary code by uploading an executable file.

ExploitDB:

Exploit description:

An authenticated attacker can upload an executable file, by using components/filemanager/controller.php as http://Ipaddr/components/filemanager/controller.php?action=upload&path=/var/www/html/data/projectname

Usage:

python3 exploit.py [target_IP] [target_port] [username] [password]

Usage Example:

Uploading Webshell:

grafik

Using Webshell:

grafik