https://github.com/unicordev/exploit-cve-2020-5844
Exploit for CVE-2020-5844 (Pandora FMS v7.0NG.742) - Remote Code Execution
- Host: GitHub
- URL: https://github.com/unicordev/exploit-cve-2020-5844
- Owner: UNICORDev
- Created: 2022-05-19T22:50:44.000Z (about 3 years ago)
- Default Branch: main
- Last Pushed: 2024-02-17T17:50:35.000Z (over 1 year ago)
- Last Synced: 2025-05-19T06:10:00.338Z (about 1 month ago)
- Topics: cve, cve-2020-5844, exploit, hackthebox, linux, pandora, penetration-testing, proof-of-concept, python, remote-code-execution, unicord, vulnerability
- Language: Python
- Homepage: https://unicord.dev/exploit-CVE-2020-5844
- Size: 67.4 KB
- Stars: 8
- Watchers: 0
- Forks: 1
- Open Issues: 0
# Exploit for CVE-2020-5844 (Pandora FMS v7.0NG.742) - Remote Code Execution

**Like this repo? Give us a ⭐!**
*For educational and authorized security research purposes only.*
## Exploit Author
[@UNICORDev](https://unicord.dev) by ([@NicPWNs](https://github.com/NicPWNs) and [@Dev-Yeoj](https://github.com/Dev-Yeoj))
## Vulnerability Description
`index.php?sec=godmode/extensions&sec2=extensions/files_repo` in Pandora FMS v7.0 NG allows authenticated administrators to upload malicious PHP scripts, and execute them via base64 decoding of the file location. This affects `v7.0NG.742_FIX_PERL2020`.
## Exploit Description
Use this exploit for remote code execution on vulnerable versions of Pandora FMS. Requires a target IP address and port. Requires valid username/password or valid PHPSESSID cookie authentication. Run in default mode to upload a basic PHP web shell. Run in custom command mode to run a custom command on the target. Run in reverse shell mode to receive a reverse shell from the target on a listener you set up. Run in web shell custom mode to change the name of the PHP web shell file.
## Usage
```bash
python3 exploit-CVE-2020-5844.py -t -u
python3 exploit-CVE-2020-5844.py -t -p
python3 exploit-CVE-2020-5844.py -t -p [-c ]
python3 exploit-CVE-2020-5844.py -t -p [-s ]
python3 exploit-CVE-2020-5844.py -t -p [-w ]
python3 exploit-CVE-2020-5844.py -h
```
## Options
```bash
-t Target host and port. Provide target IP address and port.
-u Target username and password. Provide username and password to log in to Pandora FMS.
-p Target valid PHP session ID. No username or password needed. (Optional)
-s Reverse shell mode. Provide local IP address and port. (Optional)
-c Custom command mode. Provide command to execute. (Optional)
-w Web shell custom mode. Provide custom PHP file name. (Optional)
-h Show this help menu.
```
## Download
- [Download exploit-CVE-2020-5844.py from GitHub](https://raw.githubusercontent.com/UNICORDev/exploit-CVE-2020-5844/main/exploit-CVE-2020-5844.py)
- [Download exploit-CVE-2020-5844.py from ExploitDB](https://www.exploit-db.com/exploits/50961)
### Searchsploit (ExploitDB)
```bash
searchsploit -u
searchsploit -m 50961
```
## Applies To
Pandora FMS v7.0NG.742
## Exploit Requirements
- python3
- python3:requests
## Demos
### Default Mode with Username and Password
### Default Mode with PHPSESSID
### Custom Command Mode
### Reverse Shell Mode
### Custom Web Shell Name Mode
## Credits
- https://nvd.nist.gov/vuln/detail/CVE-2020-5844
- https://sourceforge.net/projects/pandora/files/Pandora%20FMS%207.0NG/742_FIX_PERL2020/Tarball/pandorafms_server-7.0NG.742_FIX_PERL2020.tar.gz
- https://app.hackthebox.com/machines/Pandora
- https://github.com/TheCyberGeek/CVE-2020-5844
- https://github.com/shyam0904a/Pandora_v7.0NG.742_exploit_unauthenticated
- https://www.exploit-db.com/exploits/50961
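
For defenders, the endpoint named in the Vulnerability Description can be watched for in web-server access logs. The following is an added detection example, not code from this repository: it assumes Apache/Nginx "combined" log format and that uploads arrive as POST requests, and the function names, sample log lines and URL prefix are constructed for illustration.

```python
import re
from urllib.parse import urlsplit, parse_qs

# Assumption: Apache/Nginx "combined" access-log format.
LOG_RE = re.compile(
    r'^(?P<ip>\S+) \S+ \S+ \[(?P<ts>[^\]]+)\] '
    r'"(?P<method>[A-Z]+) (?P<target>\S+) [^"]*" (?P<status>\d{3}) '
)
# Query parameters of the endpoint named in the CVE-2020-5844 description.
WATCHED = {"sec": "godmode/extensions", "sec2": "extensions/files_repo"}


def is_files_repo_request(target):
    """True if the request target addresses the files_repo extension page."""
    parts = urlsplit(target)
    if not parts.path.lower().endswith("index.php"):
        return False
    # parse_qs percent-decodes, so %2F slashes and any parameter order match.
    query = parse_qs(parts.query)
    return all(want in query.get(key, []) for key, want in WATCHED.items())


def find_files_repo_hits(lines):
    """Return one dict per parsable log line that touches the endpoint."""
    hits = []
    for line in lines:
        m = LOG_RE.match(line)
        if not m or not is_files_repo_request(m["target"]):
            continue
        # Assumption: uploads are sent as POST; GETs are page views.
        severity = "high" if m["method"] == "POST" else "info"
        hits.append({"ip": m["ip"], "time": m["ts"], "method": m["method"],
                     "status": int(m["status"]), "severity": severity})
    return hits


# Constructed sample lines (documentation IP ranges, made-up URL prefix).
SAMPLE_LOG = [
    '192.0.2.10 - - [01/Mar/2024:10:00:01 +0000] "GET /console/index.php?sec=godmode/extensions&sec2=extensions/files_repo HTTP/1.1" 200 5120 "-" "Mozilla/5.0"',
    '192.0.2.10 - - [01/Mar/2024:10:00:09 +0000] "POST /console/index.php?sec2=extensions%2Ffiles_repo&sec=godmode%2Fextensions HTTP/1.1" 200 5300 "-" "python-requests/2.31.0"',
    '198.51.100.7 - - [01/Mar/2024:10:01:00 +0000] "GET /console/index.php?sec=view&sec2=operation/example HTTP/1.1" 200 9000 "-" "Mozilla/5.0"',
    'not a log line',
]

if __name__ == "__main__":
    for hit in find_files_repo_hits(SAMPLE_LOG):
        print(hit)
```

Legitimate administrators also use this page, so treat hits as leads to correlate with change records and with any newly created `.php` files on the server rather than as confirmed compromise.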