.. / CVE-2020-28871

Exploit for Monitorr 1.7.6m - Unauthenticated Remote Code Execution (CVE-2020-28871)

Description:

Monitorr 1.7.6m is susceptible to a remote code execution vulnerability. Improper input validation and lack of authorization leads to arbitrary file uploads in the web application. An unauthorized attacker with web access to could upload and execute a specially crafted file, leading to remote code execution within the Monitorr.

Nuclei Template

View the template here CVE-2020-28871.yaml

Validate with Nuclei

echo "$URL" | nuclei -t ~/nuclei-templates/http/cves/2020/CVE-2020-28871.yaml

References:

http://packetstormsecurity.com/files/170974/Monitorr-1.7.6-Shell-Upload.html
https://nvd.nist.gov/vuln/detail/CVE-2020-28871
http://packetstormsecurity.com/files/163263/Monitorr-1.7.6m-Bypass-Information-Disclosure-Shell-Upload.html
https://lyhinslab.org/index.php/2020/09/12/how-the-white-box-hacking-works-authorization-bypass-and-remote-code-execution-in-monitorr-1-7-6/
https://www.exploit-db.com/exploits/48980

.. / CVE-2020-28871 if(localStorage["style"]=="true"){ document.getElementById('pagestyle').setAttribute('href','/assets/styleDark.css'); document.querySelector('input[type="checkbox"]').checked = true }

Exploit for Monitorr 1.7.6m - Unauthenticated Remote Code Execution (CVE-2020-28871)

Description:

Nuclei Template

Validate with Nuclei

.. / CVE-2020-28871