JetP1ane/Zena-CVE-2021-45026

Zena - Stored XSS to RCE Exploit POC

Exploit POC for Rocket Software's Zena application v. 4.2.1 - Stored XSS to RCE

CVE-2021-45025

CVE-2021-45026

https://phoenix-sec.io/2022/06/17/Zena-CookieMonsteRCE.html

Credits: James Barnett and Jeff Green

POC Process:

  • Logs in to Zena's webconfig page using default credentials
  • Drops a stored XSS payload
  • The payload must be triggered by someone navigating to the webconfig page
  • The triggered payload uses Zena's REST API backend to find an agent and build a Task for that agent
  • The Task is then triggered for the agent, executing the specified command

To Run:

  • python CookieMonster.py <hostname/ip> <TLS/SSL - True or False> <cmd.exe command>
    • Example: python3 CookieMonster.py 127.0.0.1 False "/c whoami > c:/out.txt"
