Exploit for Zeroshell 3.9.0 - Remote Command Execution (CVE-2019-12725)

Description:

Zeroshell 3.9.0 is prone to a remote command execution vulnerability. Specifically, this issue occurs because the web application mishandles a few HTTP parameters. An unauthenticated attacker can exploit this issue by injecting OS commands inside the vulnerable parameters.

Nuclei Template

View the template here: CVE-2019-12725.yaml

Validate with Nuclei

echo "$URL" | nuclei -t ~/nuclei-templates/http/cves/2019/CVE-2019-12725.yaml

References:

https://nvd.nist.gov/vuln/detail/CVE-2019-12725
https://github.com/X-C3LL/PoC-CVEs/blob/master/CVE-2019-12725/ZeroShell-RCE-EoP.py
https://www.tarlogic.com/advisories/zeroshell-rce-root.txt
http://packetstormsecurity.com/files/160211/ZeroShell-3.9.0-Remote-Command-Execution.html
https://zeroshell.org/blog/
https://www.zeroshell.org/new-release-and-critical-vulnerability/