https://github.com/ice-wzl/fuel-1.4.1-rce-updated

https://github.com/ice-wzl/fuel-1.4.1-rce-updated

exploit exploitation exploits fuel-cms poc rce reverse-shell

Last synced: about 2 months ago
JSON representation

• Host: GitHub
• URL: https://github.com/ice-wzl/fuel-1.4.1-rce-updated
• Owner: ice-wzl
• License: unlicense
• Created: 2021-08-16T22:07:15.000Z (over 3 years ago)
• Default Branch: main
• Last Pushed: 2024-03-13T12:40:40.000Z (11 months ago)
• Last Synced: 2024-03-13T13:52:10.105Z (11 months ago)
• Topics: exploit, exploitation, exploits, fuel-cms, poc, rce, reverse-shell
• Language: Python
• Homepage:
• Size: 9.77 KB
• Stars: 8
• Watchers: 1
• Forks: 1
• Open Issues: 0
• Metadata Files:
  • Readme: README.md
  • License: LICENSE

Awesome Lists containing this project

README

        

# Fuel-1.4.1-RCE-Updated

- Update to CVE-2018-16763

- Exploit Title: fuel CMS 1.4.1 - Remote Code Execution (1)

- Date: 2021-08-16

- Origional exploit Author: 0xd0ff9

- Updated exploit Author: ice-wzl

- Vendor Homepage: https://www.getfuelcms.com/

- Software Link: https://github.com/daylightstudio/FUEL-CMS/releases/tag/1.4.1

- Version: <= 1.4.1

- Tested on: Ubuntu - Apache2 - php5

### Update Changes

- Updated exploit to work with python3

- Exploit takes sys.argvs instead of having to pass commands in ""

- Immediatly spawns a reverse shell to a netcat listener

- Removed Burp proxy code so it functions as a stand alone RCE exploit without having to modify the code.

## Usage

![proof](https://user-images.githubusercontent.com/75596877/129636542-bf1b5ca2-a387-4316-b2ed-9b4030b92654.png)

- First Argument: Target ip address

- Second Argument: Attack box ip address

- Third Argument: Call back port