
Exploit for Klog Server <=2.41 - Unauthenticated Command Injection (CVE-2020-35729)

Description:

Klog Server 2.4.1 and prior is susceptible to an unauthenticated command injection vulnerability. The authenticate.php file uses the user HTTP POST parameter in a call to the shell_exec() PHP function without appropriate input validation, allowing arbitrary command execution as the apache user. The sudo configuration permits the Apache user to execute any command as root without providing a password, resulting in privileged command execution as root. Originated from Metasploit module, copyright (c) space-r7.
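The passwordless sudo rule for the Apache user described above is what turns the web-layer injection into root execution. As an added example (not part of the Nuclei template or the Metasploit module), this Python check scans sudoers text for web-server accounts that may run ALL commands as root with NOPASSWD. The account list and the sample rules are assumptions constructed for illustration.

```python
import re

# Assumed service-account names; the page itself names only the apache user.
WEB_ACCOUNTS = {"apache", "www-data", "nginx", "httpd"}

def logical_lines(text):
    """Join continuations, drop comments ('#1000' uids and '#include' are not comments)."""
    buf = ""
    for raw in text.splitlines():
        buf += raw.rstrip()
        if buf.endswith("\\"):
            buf = buf[:-1] + " "
            continue
        line, buf = re.split(r"#(?!\d|include)", buf, maxsplit=1)[0], ""
        if line.strip():
            yield " ".join(line.split())

def risky_rules(text, accounts=WEB_ACCOUNTS):
    """Return sorted (account, rule) pairs: passwordless root for ALL commands."""
    rules, aliases, hits = list(logical_lines(text)), {}, set()
    for line in rules:
        if a := re.match(r"User_Alias\s+(\w+)\s*=\s*(.+)", line):
            aliases[a[1]] = {u.strip() for u in a[2].split(",")}
    for line in rules:
        m = re.match(r"(.+?)\s+(\S+)\s*=\s*(.+)", line)
        if re.match(r"(Defaults|\w+_Alias)\b", line) or not m:
            continue  # settings, alias definitions and include directives are not rules
        users = set().union(*(aliases.get(u.strip(), {u.strip()}) for u in m[1].split(",")))
        targets = accounts if "ALL" in users else users & accounts
        nopasswd, runas = False, "root"  # sudo defaults: ask password, run as root
        for cmd in re.split(r",(?![^(]*\))", m[3]):  # keep "(a, b)" runas lists whole
            c = re.match(r"\s*(?:\(([^)]*)\)\s*)?((?:\w+:\s*)*)(.*)", cmd)
            runas = c[1] if c[1] is not None else runas  # runas and tags carry forward
            for tag in re.findall(r"(\w+):", c[2]):
                nopasswd = {"NOPASSWD": True, "PASSWD": False}.get(tag, nopasswd)
            as_root = {"ALL", "root"} & {r.strip() for r in runas.split(":")[0].split(",")}
            if nopasswd and as_root and c[3].strip() == "ALL":
                hits |= {(t, line) for t in targets}
    return sorted(hits)

# Constructed sudoers content for illustration, not taken from a Klog Server install.
SAMPLE = r"""
User_Alias WEBSVC = apache, nginx
%wheel     ALL=(ALL) NOPASSWD: ALL
WEBSVC     ALL=(ALL) \
           NOPASSWD: ALL
www-data   ALL=(root) NOPASSWD: /usr/bin/systemctl reload httpd
"""

if __name__ == "__main__":
    print(risky_rules(SAMPLE))
```

Group entries such as %wheel are not resolved to their members, so a web account that gains the same rights through group membership needs a separate check.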

Nuclei Template

View the template here: CVE-2020-35729.yaml

Validate with Nuclei

echo "$URL" | nuclei -t ~/nuclei-templates/http/cves/2020/CVE-2020-35729.yaml

References:

https://github.com/mustgundogdu/Research/blob/main/KLOG_SERVER/README.md
https://github.com/mustgundogdu/Research/blob/main/KLOG_SERVER/Exploit_Code
https://github.com/Z0fhack/Goby_POC
https://docs.unsafe-inline.com/0day/klog-server-unauthentication-command-injection
https://nvd.nist.gov/vuln/detail/CVE-2020-35729