CVE-2022-39986 PoC — RaspAP Command Injection Vulnerability

Source
Associated Vulnerability
Title: RaspAP Command Injection Vulnerability (CVE-2022-39986)
Description: A Command injection vulnerability in RaspAP 2.8.0 thru 2.8.7 allows unauthenticated attackers to execute arbitrary commands via the cfg_id parameter in /ajax/openvpn/activate_ovpncfg.php and /ajax/openvpn/del_ovpncfg.php.
Description
CVE-2022-39986 PoC
Readme


# CVE-2022-39986 Proof of Concept for RaspAP RCE
![banner](images/banner1.png)

Proof of Concept script for exploiting the RaspAP (CVE-2022-39986) vulnerability. This vulnerability allows an attacker to execute arbitrary commands on a target system through the `ajax/openvpn/del_ovpncfg.php` API endpoint.
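
A defender-side check, added here and not part of the PoC repository: it scans web-server log lines for requests to the two endpoints named in the CVE description whose `cfg_id` value falls outside an allowlist. The log layout (request body logged as a trailing quoted field), the allowlist pattern and the sample lines are assumptions constructed for this example.

```python
import re
from urllib.parse import parse_qs, unquote

# Endpoints and parameter named in the CVE-2022-39986 description.
ENDPOINTS = (
    "/ajax/openvpn/activate_ovpncfg.php",
    "/ajax/openvpn/del_ovpncfg.php",
)
PARAM = "cfg_id"

# Assumption: legitimate IDs use only these characters; tune for your install.
SAFE_ID = re.compile(r"[A-Za-z0-9_-]+")

# Assumed log layout: client "METHOD target HTTP/x" status "url-encoded body"
LINE = re.compile(
    r'(?P<ip>\S+) "(?P<method>[A-Z]+) (?P<target>\S+) [^"]*" '
    r'(?P<status>\d{3}) "(?P<body>[^"]*)"'
)

# Constructed sample lines (documentation IP ranges), not real traffic.
SAMPLE_LOG = [
    '192.0.2.10 "POST /ajax/openvpn/activate_ovpncfg.php HTTP/1.1" 200 "cfg_id=3"',
    '198.51.100.7 "POST /ajax/openvpn/del_ovpncfg.php HTTP/1.1" 200 "cfg_id=3%3Bid"',
    '198.51.100.7 "POST //ajax/openvpn/activate_ovpncfg.php HTTP/1.1" 200 "cfg_id=%24%28id%29"',
    '192.0.2.10 "GET /index.php?page=openvpn_conf HTTP/1.1" 200 ""',
]

def suspicious_requests(lines):
    """Return (client, path, decoded cfg_id) for values outside the allowlist."""
    hits = []
    for line in lines:
        m = LINE.match(line)
        if m is None:
            continue  # line is not in the assumed layout
        raw_path, _, query = m["target"].partition("?")
        # Decode and collapse duplicate slashes so "//ajax/..." still matches.
        path = re.sub(r"/+", "/", unquote(raw_path))
        if not path.endswith(ENDPOINTS):
            continue
        # The parameter may arrive in the query string or in the form body.
        values = parse_qs(query, keep_blank_values=True).get(PARAM, [])
        values += parse_qs(m["body"], keep_blank_values=True).get(PARAM, [])
        for value in values:
            if not SAFE_ID.fullmatch(value):
                hits.append((m["ip"], path, value))
    return hits

if __name__ == "__main__":
    for client, path, value in suspicious_requests(SAMPLE_LOG):
        print(f"ALERT {client} {path} {PARAM}={value!r}")
```

Because the description states the endpoints are reachable without authentication, any hit from outside the management network is worth triage regardless of the response status.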

## Usage

1. Clone this repository to your local machine:

   ```
   git clone https://github.com/WhiteOwl-Pub/RaspAP-CVE-2022-39986-PoC 
   cd RaspAP-CVE-2022-39986-PoC
   ```
2. Run the exploit script:

   ```
   python3 raspAP-RCE.py [target IP] [target port] [command/"command with flags"]
   ```

Example:

`python3 raspAP-RCE.py 192.168.1.100 8080 "ls -la"`

## Disclaimer

This PoC script is provided for educational and research purposes only. The author and contributors are not responsible for any misuse, damage, or illegal activities caused by the use of this script.

File Snapshot

[4.0K] /data/pocs/d3fafa9e0f5553dac6c9245fc9b7028f637cab57
├── [4.0K] images
│   └── [ 50K] banner1.png
├── [1.3K] raspAP-RCE.py
└── [ 879] README.md

1 directory, 3 files