CVE-2017-16921 PoC — OTRS 安全漏洞

Source

https://github.com/Smarttfoxx/OTRS-4.0.1-6.0.1-Remote-Command-Execution

Associated Vulnerability

Title:OTRS 安全漏洞 (CVE-2017-16921)
Description:In OTRS 6.0.x up to and including 6.0.1, OTRS 5.0.x up to and including 5.0.24, and OTRS 4.0.x up to and including 4.0.26, an attacker who is logged into OTRS as an agent can manipulate form parameters (related to PGP) and execute arbitrary shell commands with the permissions of the OTRS or web server user.

Description

CVE-2017-16921: In OTRS 6.0.x up to and including 6.0.1, OTRS 5.0.x up to and including 5.0.24, and OTRS 4.0.x up to and including 4.0.26, an attacker who is logged into OTRS as an agent can manipulate form parameters (related to PGP) and execute arbitrary shell commands with the permissions of the OTRS or web server user.

Readme

# OTRS-4.0.1-6.0.1 Remote Command Execution
This exploit is developed based on https://www.exploit-db.com/exploits/43853
It will perform the authentication against OTRS panel and provide a reverse shell.

Usage: python3 CVE-2017-16921.py <RHOST> <email> <password> <LHOST> <LPORT>

CVE-2017-16921:
In OTRS 6.0.x up to and including 6.0.1, OTRS 5.0.x up to and including 5.0.24, and OTRS 4.0.x up to and including 4.0.26, an attacker who is logged into OTRS as an agent can manipulate form parameters (related to PGP) and execute arbitrary shell commands with the permissions of the OTRS or web server user.

Credits to Hex_26 for the ChallengeToken retrieval function and Bæln0rn for the initial exploit.

File Snapshot


 [4.0K]  /data/pocs/dd3d384efb5586c3a3e4b1a35a1f94b5e1f572bf
├── [5.8K]  CVE-2017-16921.py
└── [ 706]  README.md

0 directories, 2 files

Shenlong Bot has cached this for you

Remarks

1. It is advised to access via the original source first.

2. Local POC snapshots are reserved for subscribers — if the original source is unavailable, the local mirror is part of the paid plan.

View subscription plans →

Goal Reached Thanks to every supporter — we hit 100%!