Goal Reached Thanks to every supporter — we hit 100%!

Goal: 1000 CNY · Raised: 1000 CNY

100.0%
Buy Us a Coffee

CVE-2018-16763 PoC — FUEL CMS 注入漏洞

Source
https://github.com/ArtemCyberLab/Project-Exploiting-a-Vulnerability-in-Fuel-CMS-CVE-2018-16763-
Associated Vulnerability
Title:FUEL CMS 注入漏洞 (CVE-2018-16763)
Description:FUEL CMS 1.4.1 allows PHP Code Evaluation via the pages/select/ filter parameter or the preview/ data parameter. This can lead to Pre-Auth Remote Code Execution.
Description
The goal of this project was to conduct a security audit of a blog recently launched by Ackme Support Incorporated, identifying any critical vulnerabilities before the site goes public. The task involved finding a way to remotely execute code and gain access to the target system.
Readme

The goal of this project was to conduct a security audit of a blog recently launched by Ackme Support Incorporated, identifying any critical vulnerabilities before the site goes public. The task involved finding a way to remotely execute code and gain access to the target system.

Environment & Setup
Target system: Vulnerable virtual machine

Application: Fuel CMS

Version: 1.4

Exploit used: CVE-2018-16763

Tools:

Python exploit from GitHub

nc (netcat) — to receive the reverse shell

Attack Steps
1. Application Identification
After deploying the vulnerable machine and accessing it via the web interface, it was determined that the site was running Fuel CMS version 1.4, which is vulnerable to Remote Code Execution (RCE).

2. Finding a Working Exploit
Initial attempts using scripts from Exploit-DB resulted in runtime errors. After additional research, a working exploit was found on GitHub:

https://gist.github.com/anir0y/8529960c18e212948b0e40ed1fb18d6d#file-fuel-cms-py

The script was saved locally as fuel-cms.py.

3. Setting Up a Reverse Shell Listener
On the attacking machine, Netcat was used to listen for incoming reverse shell connections on port 8081:


nc -lvnp 8081
4. Launching the Exploit
The Python exploit was executed with the victim’s IP address. After entering the shell_me command, a reverse shell was successfully established.

5. Capturing the Flag
Once access was gained, the following commands were used to retrieve the flag:


cd /home/ubuntu
cat flag.txt
Flag: THM{ACKME_BLOG_HACKED}

 Conclusion
This project successfully demonstrated how to exploit a known vulnerability in Fuel CMS to gain remote shell access. Although the initial scripts failed, persistence and exploring alternative sources (such as GitHub) led to a successful exploitation.
File Snapshot

 [4.0K]  /data/pocs/39deaf068ff0ddde680b2722b0735ff55f95ad3b
├── [132K]  10.jpeg
├── [130K]  11.jpeg
├── [179K]  12.jpeg
├── [183K]  13.jpeg
├── [167K]  14.jpeg
├── [203K]  15.jpeg
├── [100K]  16.jpeg
├── [135K]  17.jpeg
├── [110K]  18.jpeg
├── [ 97K]  1.jpeg
├── [149K]  2.jpeg
├── [139K]  3.jpeg
├── [138K]  4.jpeg
├── [105K]  5.jpeg
├── [119K]  6.jpeg
├── [ 60K]  7.jpeg
├── [ 88K]  8.jpeg
├── [ 86K]  9.jpeg
└── [1.8K]  README.md

0 directories, 19 files
Shenlong Bot has cached this for you
Remarks
    1. It is advised to access via the original source first.
    2. Local POC snapshots are reserved for subscribers — if the original source is unavailable, the local mirror is part of the paid plan.
    3. Mirroring, verifying, and maintaining this POC archive takes ongoing effort, so local snapshots are a paid feature. Your subscription keeps the archive online — thank you for the support. View subscription plans →