PoC materials to exploit the RCE on OCS Inventory. The full publicaiton is available on XMCO website :
Usage:
exploit.py <creds> <target>
Note: An admin account is needed to exploit the vulnerability.
In order to exploit this scenario, you juste need to upload the page to your server and redirect the victim to the xss-to-rce.html
webpage.