CVE-2019-19509
The target rConfig instance is vulnerable to CVE-2019-19509 due to its outdated version
/Practice/Quackerjack/3-Exploitation/attachments/{CE9C538B-058D-4EAB-9BA2-71CFD45D6851}.png)
A vulnerability has been found in rConfig and classified as critical. Affected by this vulnerability is the function exec of the file ajaxArchiveFiles.php of the component System. The manipulation of the argument path as part of System Command leads to os command injection. This vulnerability is known as CVE-2019-19509. The attack can be launched remotely. Furthermore, there is an exploit available.
Exploit
/Practice/Quackerjack/3-Exploitation/attachments/{9E62619A-FFED-4562-85C9-122D973F4CD7}.png)
Original exploit repository located
┌──(kali㉿kali)-[~/PEN-200/PG_PRACTICE/quackerJack]
└─$ git clone https://github.com/v1k1ngfr/exploits-rconfig ; cd exploits-rconfig
Cloning into 'exploits-rconfig'...
remote: Enumerating objects: 100, done.
remote: Counting objects: 100% (100/100), done.
remote: Compressing objects: 100% (96/96), done.
remote: Total 100 (delta 44), reused 0 (delta 0), pack-reused 0 (from 0)
Receiving objects: 100% (100/100), 33.75 KiB | 2.11 MiB/s, done.
Resolving deltas: 100% (44/44), done.Cloning the exploit repo to Kali
Modification
/Practice/Quackerjack/3-Exploitation/attachments/{A23C5891-8875-4EE6-9582-50E674EB9194}.png)
/Practice/Quackerjack/3-Exploitation/attachments/{1BCF58FC-11C3-41AD-97B8-450041434E68}.png)
Fixing the line 65 and 72 of the rconfig_CVE-2019-19509.py file, to not check self-signed certificate