HorizontCMS 1.0.0-beta Shell Upload

Posted by deepcore on November 14, 2020 – 8:25 pm

This Metasploit module exploits an arbitrary file upload vulnerability in HorizontCMS 1.0.0-beta in order to execute arbitrary commands. The module first attempts to authenticate to HorizontCMS. It then tries to upload a malicious PHP file via an HTTP POST request to /admin/file-manager/fileupload. The server will rename this file to a random string. The module will therefore attempt to change the filename back to the original name via an HTTP POST request to /admin/file-manager/rename. For the php target, the payload is embedded in the uploaded file and the module attempts to execute the payload via an HTTP GET request to /storage/file_name.

This post is under “exploit” and has no respond so far.
If you enjoy this article, make sure you subscribe to my RSS Feed.

Post a reply

You must be logged in to post a comment.

« Citrix ADC NetScaler Local File Inclusion Anuko Time Tracker 1.19.23.5311 Missing Rate Limiting »

:: Deepquest ::

This site contains information which could be considered illegal in some countries. It is provided here for educational use only and is not intended to be used for illegal activities.

HorizontCMS 1.0.0-beta Shell Upload

Post a reply

Tabs Switcher

Categories

Archives

Meta

BLOGROLL