- Exploit Author: Ashish Koli (Shikari)
- Vendor Homepage: https://github.com/pluck-cms/pluck
- Version: 4.7.16
- CVE: CVE-2022-26965
- About this:
- This script uploads shell.tar to the PluckCMS. An application will untar the
- package which allows us to access Webshell.
- Usage : python3 exploit.py
- Example: python3 exploit.py 127.0.0.1 80 admin /pluck
- POC Exploit: https://youtu.be/vWZITp_FTTc
-
Notifications
You must be signed in to change notification settings - Fork 2
shikari00007/Pluck-CMS-Pluck-4.7.16-Theme-Upload-Remote-Code-Execution-Authenticated--POC
This commit does not belong to any branch on this repository, and may belong to a fork outside of the repository.
Folders and files
Name | Name | Last commit message | Last commit date | |
---|---|---|---|---|
Repository files navigation
About
No description, website, or topics provided.
Resources
Stars
Watchers
Forks
Releases
No releases published
Packages 0
No packages published