CVE-2019-11447

Published: 22/04/2019 Updated: 11/09/2020
CVSS v2 Base Score: 6.5 | Impact Score: 6.4 | Exploitability Score: 8.0
CVSS v3 Base Score: 8.8 | Impact Score: 5.9 | Exploitability Score: 2.8
VMScore: 580
CVSS v2 Vector: AV:N/AC:L/Au:S/C:P/I:P/A:P

Vulnerability Summary

An issue exists in CutePHP CuteNews 2.1.2. An authenticated user (an ordinary account is enough; administrator rights are not required) can upload a file through the avatar upload in the profile area, via the avatar_file field of index.php?mod=main&opt=personal. /core/modules/dashboard.php does not effectively validate $imgsize, so the upload check is satisfied by a file that merely begins with an image header (a GIF header works) while the rest of the file is attacker-controlled. The uploaded file can then be requested and executed on the server, giving authenticated remote code execution.

Vulnerable Products

cutephp cutenews 2.1.2

Exploits

CuteNews version 2.1.2 remote code execution exploit ...
CuteNews version 2.1.2 Avatar upload remote shell upload exploit. Original discovery of remote shell upload in this version is attributed to Ozkan Mustafa Akkus in April of 2019 ...

Github Repositories

CutePHP Cute News 2.1.2 RCE PoC

CVE-2019-11447 CutePHP Cute News 2.1.2 RCE PoC. Target: 2.1.2. This PoC script is based on a simple implementation of the original exploit by BobbySox. The original exploit is an MSF module by Akuss. This script needs the target ip address or domain along with credentials and it will automatically login, upload payload, trigger it and catch the reverse shell. python cve-2019-114

Exploits CuteNews 2.1.2 via poor file upload checks used when uploading an avatar image leading to RCE.

CVE-2019-11447 - PoC. Exploits CuteNews 2.1.2 via poor file upload checks used when uploading an avatar image leading to RCE. Installation: Clone the repository and install the requirements: pip install -r requirements.txt. Usage: In order to upload an avatar you will require a CuteNews user account, this doesn't have to be an administrator account. CVE-2019-11447.py {URL} {US

CuteNews Avatar 2.1.2 Remote Code Execution Vulnerability

CVE-2019-11447-EXP: CuteNews Avatar 2.1.2 Remote Code Execution Vulnerability. Before running the python script, run the nc command first. The default port is 1234. Then execute exploit.py, follow the tips and input the required contents.

RCE exploit for CuteNews 2.1.2

cutenews212_rce: RCE exploit for CuteNews 2.1.2 - CVE-2019-11447. CuteNews 2.1.2 is a vulnerable news management system which allows attackers to upload a malicious php script as a user avatar, and execute remote code. I was familiar with this vulnerability from a CTF challenge I had completed. Although there are already a few exploits available for this vulnerability, I

Exploit Code for CVE-2019-11447 aka CuteNews 2.1.2 Avatar upload RCE (Authenticated)

CVE-2019-11447 Exploit/PoC - CuteNews 2.1.2 Avatar upload RCE (Authenticated). Exploit Code for CVE-2019-11447 aka CuteNews 2.1.2 Avatar upload RCE (Authenticated). Exploit Links: Expected outcome: Login/Register an account, craft a user-selected PHP file with gif magic bytes, upload the file as an avatar and trigger it to achieve Remote Code Execution. Intended only for educat

CuteNews 2.1.2 - CVE-2019-11447 Proof-Of-Concept

sadnews: CuteNews 2.1.2 - CVE-2019-11447 Proof-Of-Concept. POC by CRFSlick, discovered by AkkuS <Özkan Mustafa Akkuş>. An issue was discovered in CutePHP CuteNews 2.1.2. An attacker can infiltrate the server through the avatar upload process in the profile area via the avatar_file field to index.php?mod=main&opt=personal. There is no effective control

ExploitDev Journey #8 | CVE-2019-11447 | CuteNews 2.1.2 - Authenticated Remote Command Execution. Original Exploit: www.exploit-db.com/exploits/48800. Exploit name: CuteNews 2.1.2 Authenticated RCE. CVE: 2019-11447. Lab: Passage - HackTheBox. Description: This application has a flaw that allows uploading image files if they look like images, it checks the beginning of the

CVE-2019-11447 CuteNews 2.1.2 Reverse Shell Upload. A slightly modified version of the Mt-Code POC which spawns a full reverse shell rather than a web shell. This exploit uses the famous PentestMonkey PHP Reverse Shell. Install: pip install -r requirements.txt. Example use: Create a user on the application. Run the following: python exploit.py {target}/index.php {myuser} {my