Ecosyste.ms: Awesome

An open API service indexing awesome lists of open source software.

Awesome Lists | Featured Topics | Projects

https://github.com/p0dalirius/cve-2022-45771-pwndoc-lfi-to-rce

Pwndoc local file inclusion to remote code execution of Node.js code on the server
https://github.com/p0dalirius/cve-2022-45771-pwndoc-lfi-to-rce

cve-2022-45771 exploit pwndoc rce

Last synced: 21 days ago
JSON representation

Pwndoc local file inclusion to remote code execution of Node.js code on the server

Host: GitHub
URL: https://github.com/p0dalirius/cve-2022-45771-pwndoc-lfi-to-rce
Owner: p0dalirius
Created: 2022-12-13T10:03:14.000Z (about 2 years ago)
Default Branch: main
Last Pushed: 2023-09-14T20:19:41.000Z (over 1 year ago)
Last Synced: 2024-12-18T18:50:12.283Z (about 1 month ago)
Topics: cve-2022-45771, exploit, pwndoc, rce
Language: Python
Homepage:
Size: 3.01 MB
Stars: 46
Watchers: 2
Forks: 9
Open Issues: 0
Metadata Files:
- Readme: README.md
- Funding: .github/FUNDING.yml

Awesome Lists containing this project

README

![](./.github/banner.png)

Pwndoc local file inclusion to remote code execution of Node.js code on the server, discovered by [@yuriisanin](https://github.com/yuriisanin)

## Features

- [x] Custom Node.js code to execute server-side using `--payload-file`
- [x] Cleanup after exploit

## Requirements

- [x] An admin account on the PwnDoc instance

## Usage

```
$ ./CVE-2022-45771-Pwndoc-LFI-to-RCE.py -h
CVE-2022-45771 Pwndoc-LFI-to-RCE v1.1 - by @podalirius_

usage: CVE-2022-45771-Pwndoc-LFI-to-RCE.py [-h] -u USERNAME -p PASSWORD -H HOST [-P PORT] [-v] [--http] [-f PAYLOAD_FILE]

Poc of CVE-2022-45771 Pwndoc-LFI-to-RCE

options:
-h, --help show this help message and exit
-u USERNAME, --username USERNAME
Pwndoc username
-p PASSWORD, --password PASSWORD
Pwndoc password
-H HOST, --host HOST Pwndoc ip
-P PORT, --port PORT Pwndoc port
-v, --verbose Verbose mode. (default: False)
--http HTTP mode. (default: False)
-f PAYLOAD_FILE, --payload-file PAYLOAD_FILE
File containing node.js code to run on the server.
```

## Demonstration

```
./CVE-2022-45771-Pwndoc-LFI-to-RCE.py -u admin -p 'Admin123!' --host 127.0.0.1 --payload-file files/exploit.js
```

https://user-images.githubusercontent.com/79218792/207442497-3228c436-5755-4a9a-9931-b23402dc9e86.mp4

## References
- Issue https://github.com/pwndoc/pwndoc/issues/401 by [@yuriisanin](https://github.com/yuriisanin)
- https://www.youtube.com/watch?v=jffBkEdF7RY