An issue was discovered in includes/webconsole.php in RaspAP 2.5. With authenticated access, an attacker can use a misconfigured (and virtually unrestricted) web console to attack the underlying OS running this software, and execute commands on the system including ones for uploading of files and execution of code.
License: GNU General Public License v3.0
Python 100.00%
cve-2020-24572-poc's Introduction
hey, i'm gerbsec
offsec n stuff
anything and everything offsec with a lil bit of purple
Hello, I am trying to reproduce the exploit for a school project but I can't manage to get it working.
I installed RaspAP/2.5 by modifying installers/raspbian.sh's branch parameter so that it installs correctly (as only cloning RaspAP tagged 2.5 and running the script installs the latest version).
I ran my netcat waiting for a shell on the attacker's PC.
I ran the exploit but nothing happened.
I checked launching the reverse shell manually to see if it works, it does.
After wiresharking the POST request I noticed I was getting an internal server error from RaspAP.
So I went to check what was going on in the lighttpd logs and this is what I got.
Did you ever encounter something like this while running the exploit, and how should I go about fixing it?