Ecosyste.ms: Awesome

An open API service indexing awesome lists of open source software.

Awesome Lists | Featured Topics | Projects

https://github.com/theunknownsoul/cve-2024-7808

RCE exploit for low privileged user via CSRF in open-webui
https://github.com/theunknownsoul/cve-2024-7808

csrf hack-tool open-webui rce-exploit

Last synced: 26 days ago
JSON representation

RCE exploit for low privileged user via CSRF in open-webui

Awesome Lists containing this project

README 

        
# CVE-2024-7808 :skull:

 $${\color{red} THIS \space EXPLOIT \space MAY \space VIOLATE \space THE \space LAW.}$$ 

 $${\color{red}\space YOU \space ARE \space RESPONSIBLE  \space FOR \space YOUR \space ACTIONS.}$$ 

 $${\color{red}DEMONSTRATION \space PURPOSE \space ONLY.}$$



## DESCRIPTION



[RCE by Non-Admin Users via CSRF in open-webui](https://huntr.com/bounties/9350a68d-5f33-4b3d-988b-81e778160ab8) which

allow attacker to send malicious HTML document with build-in javascript that will upload and execute file contains revers 

shell.



Before main stage script starts web server to give HTML document with multipart form data submission  and netcat listener. 

Next, upload document to the vulnerable site and on page load event javascript  will upload file contains python revers 

shell. If everything is fine you'll receive revers shell in the terminal. Also, if directory listing is 

visible you can visit page and try to manually check file uploading process and debug.



## Preparation

1. Clone project

```git clone https://github.com/theUnknownSoul/CVE-2024-7806```

2. Change rights for ```install.sh``` script and run from root to install all necessary system dependencies

and rights.

3. Change port for web server and netcat listener in ```serve.sh``` script if needed.

4. Change IP and server port for reverse shell in a ```non_suspicious_file.py```. 

5. Install python dependencies with ``` pip install -r requirements.txt```



## Usage

```

python CVE-2024-7806.py -u 

```