Goal Reached Thanks to every supporter — we hit 100%!

Goal: 1000 CNY · Raised: 1000 CNY

100.0%
Buy Us a Coffee

CVE-2020-12078 PoC — Opmantek Open-AudIT 注入漏洞

Source
https://github.com/mhaskar/CVE-2020-12078
Associated Vulnerability
Title:Opmantek Open-AudIT 注入漏洞 (CVE-2020-12078)
Description:An issue was discovered in Open-AudIT 3.3.1. There is shell metacharacter injection via attributes to an open-audit/configuration/ URI. An attacker can exploit this by adding an excluded IP address to the global discovery settings (internally called exclude_ip). This exclude_ip value is passed to the exec function in the discoveries_helper.php file (inside the all_ip_list function) without being filtered, which means that the attacker can provide a payload instead of a valid IP address.
Description
The official exploit for Open-AudIT v3.3.1 Remote Code Execution CVE-2020-12078
Readme
# CVE-2020-12078
The official exploit for Open-AudIT v3.3.1 Remote Code Execution CVE-2020-12078
![exploit image](openAudIT.png)
File Snapshot

 [4.0K]  /data/pocs/9f681deccbd620d9049656a75dbf194f5e945f0b
├── [924K]  openAudIT.png
├── [4.5K]  OpenAudIT-postauth-rce.py
└── [ 129]  README.md

0 directories, 3 files
Shenlong Bot has cached this for you
Remarks
    1. It is advised to access via the original source first.
    2. Local POC snapshots are reserved for subscribers — if the original source is unavailable, the local mirror is part of the paid plan.
    3. Mirroring, verifying, and maintaining this POC archive takes ongoing effort, so local snapshots are a paid feature. Your subscription keeps the archive online — thank you for the support. View subscription plans →