Skip to content

UNICORDev/exploit-CVE-2020-5844

Folders and files

NameName
Last commit message
Last commit date

Latest commit

 

History

34 Commits
 
 
 
 
 
 

Repository files navigation

Exploit for CVE-2020-5844 (Pandora FMS v7.0NG.742) - Remote Code Execution

GitHub CVE Cover

Like this repo? Give us a ⭐!

For educational and authorized security research purposes only.

Exploit Author

@UNICORDev by (@NicPWNs and @Dev-Yeoj)

Vulnerability Description

index.php?sec=godmode/extensions&sec2=extensions/files_repo in Pandora FMS v7.0 NG allows authenticated administrators to upload malicious PHP scripts, and execute them via base64 decoding of the file location. This affects v7.0NG.742_FIX_PERL2020.

Exploit Description

Use this exploit for remote code execution on vulnerable versions of Pandora FMS. Requires a target IP address and port. Requires valid username/password or valid PHPSESSID cookie authentication. Run in default mode to upload a basic PHP web shell. Run in custom command mode to run a custom command on the target. Run in reverse shell mode to receive a reverse shell from the target on a listener you set up. Run in web shell custom mode to change the name of the PHP web shell file.

Usage

  python3 exploit-CVE-2020-5844.py -t <target-IP> <target-port> -u <username> <password>
  python3 exploit-CVE-2020-5844.py -t <target-IP> <target-port> -p <PHPSESSID>
  python3 exploit-CVE-2020-5844.py -t <target-IP> <target-port> -p <PHPSESSID> [-c <custom-command>]
  python3 exploit-CVE-2020-5844.py -t <target-IP> <target-port> -p <PHPSESSID> [-s <local-ip> <local-port>]
  python3 exploit-CVE-2020-5844.py -t <target-IP> <target-port> -p <PHPSESSID> [-w <name.php>]
  python3 exploit-CVE-2020-5844.py -h

Options

  -t    Target host and port. Provide target IP address and port.
  -u    Target username and password. Provide username and password to log in to Pandora FMS.
  -p    Target valid PHP session ID. No username or password needed. (Optional)
  -s    Reverse shell mode. Provide local IP address and port. (Optional)
  -c    Custom command mode. Provide command to execute. (Optional)
  -w    Web shell custom mode. Provide custom PHP file name. (Optional)
  -h    Show this help menu.

Download

Download exploit-CVE-2020-5844.py from GitHub

Download exploit-CVE-2020-5844.py from ExploitDB

Searchsploit (ExploitDB)

searchsploit -u
searchsploit -m 50961

Applies To

Pandora FMS v7.0NG.742

Exploit Requirements

  • python3
  • python3:requests

Demos

Default Mode with Username and Password

default

Default Mode with PHPSESSID

default_sess

Custom Command Mode

command

Reverse Shell Mode

shell

Custom Web Shell Name Mode

web

Credits