The Backdrop CMS version 1.27.1 is vulnerable to authenticated remote command execution. An attacker can exploit this vulnerability to execute arbitrary commands on the target system. This could lead to unauthorized access, data theft, and further compromise of the system. This exploit was authored by Ahmet Ümit BAYRAM.
The exploit allows remote attackers to execute arbitrary commands on the target system by creating a malicious module in Backdrop CMS version 1.27.1.
The exploit allows an authenticated attacker to execute arbitrary commands on the target system. By uploading a PHP shell through the 'uploadedfile' parameter in the 'index.php' script, the attacker can run system commands via the 'cmd' parameter in the uploaded PHP shell.
Exploit to execute commands exploiting CVE-2022-22963
Remote Command Execution (RCE) vulnerability in Webgrind <= 1.1 allow remote unauthenticated attackers to inject OS commands via /<webgrind_path_directory>/index.php in dataFile parameter. Reflected Cross-Site Scripting (XSS) vulnerability in Webgrind v1.1 and before, does not sufficiently encode user-controlled inputs, resulting in a reflected Cross-Site Scripting (XSS) vulnerability via the /<webgrind_path_directory>/index.php, in file parameter.
Exploit for gain reverse shell on Remote Command Execution via API
GNU gdbserver is vulnerable to a Remote Command Execution (RCE) vulnerability. An attacker can send a specially crafted packet to the gdbserver, which will execute arbitrary code on the target system. The vulnerability is due to the lack of proper validation of user-supplied input when handling the 'vCont' command. This allows an attacker to send a malicious payload to the gdbserver, which will be executed on the target system.
First of all, an attacker should use the file upload section to upload a malicious shell containing the code <?PHP system($_GET['cmd']);?>. Then, the attacker should go to the content section, click Files and upload the malicious php file. Finally, the attacker should go to the URL of the malicious file with the command as a parameter (e.g. yourserver/textpattern/files/yourphp.php?cmd=yourcode;). After the malicious file is uploaded, the attacker can execute arbitrary commands on the server.
The xcms's footer(that is in "/dati/generali/footer.dtb") is included in each page of the xcms. Taking "home.php" for example, the xcms allow you to modify the footer throught a bugged page called cpie.php included in the admin panel. So with a simple html form, an attacker can change the footer and insert malicious code. Trick: We can change the admin panel password by inserting this code in the footer. Fix: The fix is very simple, just add an exit() after the header() in the cpie.php.
Cacti is vulnerable to Remote Command Execution (RCE) due to improper input validation. An attacker can exploit this vulnerability by sending a maliciously crafted HTTP request to the vulnerable server. This can allow the attacker to execute arbitrary commands on the server.