CVE-2020-24572 PoC — RaspAP 操作系统命令注入漏洞

Source

Associated Vulnerability

Description

An issue was discovered in includes/webconsole.php in RaspAP 2.5. With authenticated access, an attacker can use a misconfigured (and virtually unrestricted) web console to attack the underlying OS running this software, and execute commands on the system including ones for uploading of files and execution of code.

Readme

# CVE-2020-24572-POC
An issue was discovered in includes/webconsole.php in RaspAP 2.5. With authenticated access, an attacker can use a misconfigured (and virtually unrestricted) web console to attack the underlying OS running this software, and execute commands on the system including ones for uploading of files and execution of code.
This is a remake of https://github.com/lb0x/cve-2020-24572.
If you wish to use the original click on their link.

I added payload options, and didn't limit the exploit to the hopes of having sudo rights on executing /etc/raspap/lighttpd/configport.sh
I think anyone can do sudo -l and exploit it incase it's there.
Like always this is for education purposes only.

File Snapshot

 [4.0K]  /data/pocs/7c9c9c685e471232473cdbdd550283106a7deafe
├── [2.9K]  exploit.py
├── [ 34K]  LICENSE
└── [ 702]  README.md

0 directories, 3 files

Remarks