.. / CVE-2020-8654

Exploit for EyesOfNetwork 5.1-5.3 - SQL Injection/Remote Code Execution (CVE-2020-8654)

Description:

EyesOfNetwork 5.1 to 5.3 contains SQL injection and remote code execution vulnerabilities. An attacker can possibly obtain sensitive information from a database, modify data, and execute unauthorized administrative operations in the context of the affected site. See also CVE-2020-8655, CVE-2020-8656, CVE-2020-8657, and CVE-2020-9465.

Nuclei Template

View the template here CVE-2020-8654.yaml

Validate with Nuclei

echo "$URL" | nuclei -t ~/nuclei-templates/http/cves/2020/CVE-2020-8654.yaml

References:

https://nvd.nist.gov/vuln/detail/CVE-2020-8654
https://github.com/ARPSyndicate/cvemon
https://github.com/rapid7/metasploit-framework/blob/master/modules/exploits/linux/http/eyesofnetwork_autodiscovery_rce.rb
https://github.com/EyesOfNetworkCommunity/eonweb/issues/50
https://github.com/h4knet/eonrce

.. / CVE-2020-8654 if(localStorage["style"]=="true"){ document.getElementById('pagestyle').setAttribute('href','/assets/styleDark.css'); document.querySelector('input[type="checkbox"]').checked = true }

Exploit for EyesOfNetwork 5.1-5.3 - SQL Injection/Remote Code Execution (CVE-2020-8654)

Description:

Nuclei Template

Validate with Nuclei

.. / CVE-2020-8654