Navigate CMS Unauthenticated Remote Code Execution #10704
This module overwrites

Is there a reason it needs to overwrite an existing file? You can specify cleanup code in a There are a few examples in the framework. Perhaps check out It's worth noting that if the application depends on the overwritten file to be exploitable, if you mess up, you're then unable to re-exploit and repair the file, which is bad.

Release Notes
The
This module exploits two vulnerabilities in Navigate CMS 2.8 that allow an unauthenticated attacker to gain remote code execution.
Verification
- wget http://master.dl.sourceforge.net/project/navigatecms/releases/navigate-2.8r1302.zip
- unzip navigate-2.8r1302.zip
- http://localhost/setup.php
- msfconsole
- use exploit/multi/http/navigate_cms_rce
- set RHOST <rhost>
- check
- "The target appears to be vulnerable." is returned
- exploit

Example Output