https://github.com/noraj/fuelcms-rce
Fuel CMS 1.4 - Remote Code Execution
cve-2018-16763 exploit fuel-cms poc rce remote-code-execution
Last synced: 3 months ago
- Host: GitHub
- URL: https://github.com/noraj/fuelcms-rce
- Owner: noraj
- License: mit
- Created: 2020-11-14T21:25:12.000Z (over 4 years ago)
- Default Branch: master
- Last Pushed: 2021-11-13T15:41:56.000Z (over 3 years ago)
- Last Synced: 2025-04-12T05:38:36.404Z (3 months ago)
- Topics: cve-2018-16763, exploit, fuel-cms, poc, rce, remote-code-execution
- Language: Ruby
- Homepage:
- Size: 5.86 KB
- Stars: 7
- Watchers: 2
- Forks: 3
- Open Issues: 1
Metadata Files:
- Readme: README.md
- License: LICENSE
README
# Fuel CMS RCE exploit / PoC

> Fuel CMS 1.4 - Remote Code Execution

Exploit / PoC for [CVE-2018-16763](https://nvd.nist.gov/vuln/detail/CVE-2018-16763).

[[EDB-49487](https://www.exploit-db.com/exploits/49487)] [[PacketStorm](https://packetstormsecurity.com/files/160080/Fuel-CMS-1.4-Remote-Code-Execution.html)] [[WLB-2020110119](https://cxsecurity.com/issue/WLB-2020110119)]

## Usage
```
$ ruby exploit.rb -h
Fuel CMS 1.4 - Remote Code Execution

Usage:
  exploit.rb
  exploit.rb -h | --help

Options:
  Root URL (base path) including HTTP scheme, port and root folder
  The system command to execute
  -h, --help Show this screen

Examples:
  exploit.rb http://example.org id
  exploit.rb https://example.org:8443/fuelcms 'cat /etc/passwd'
```

## Requirements

- [httpclient](https://github.com/nahi/httpclient)
- [docopt.rb](https://github.com/docopt/docopt.rb)

Example for BlackArch:

```
pacman -S ruby-httpclient ruby-docopt
```

Example using gem:

```
gem install httpclient docopt
```

## Demo environment

```
$ docker pull her0ma/fuelcms
$ docker run -d -p 8099:80 -p 3306:3306 her0ma/fuelcms /bin/startup.sh
$ ruby exploit.rb http://127.0.0.1:8099/index.php/ 'ls -lhA'
```

## Reference

This is a better re-write of [EDB-ID-47138][EDB-ID-47138] ([GitHub](https://github.com/dinhbaouit/CVE-2018-16763)):

- better output (displays only the command's output)
- using arguments (instead of hardcoded values)
- cleaner & more customizable
- using Ruby (Python 2 is deprecated)

This exploit was tested with Ruby 2.7.2 and 3.0.2.

About [EDB-ID-47138][EDB-ID-47138]:
```
# Exploit Title: fuelCMS 1.4.1 - Remote Code Execution
# Date: 2019-07-19
# Exploit Author: 0xd0ff9
# Vendor Homepage: https://www.getfuelcms.com/
# Software Link: https://github.com/daylightstudio/FUEL-CMS/releases/tag/1.4.1
# Version: <= 1.4.1
# Tested on: Ubuntu - Apache2 - php5
# CVE : CVE-2018-16763
```

[EDB-ID-47138]:https://www.exploit-db.com/exploits/47138