CVE-2024-7808 💀

$${\color{red} THIS \space EXPLOIT \space MAY \space VIOLATE \space THE \space LAW.}$$ $${\color{red}\space YOU \space ARE \space RESPONSIBLE \space FOR \space YOUR \space ACTIONS.}$$ $${\color{red}DEMONSTRATION \space PURPOSE \space ONLY.}$$

DESCRIPTION

RCE by Non-Admin Users via CSRF in open-webui which allow attacker to send malicious HTML document with build-in javascript that will upload and execute file contains revers shell.

Before main stage script starts web server to give HTML document with multipart form data submission and netcat listener. Next, upload document to the vulnerable site and on page load event javascript will upload file contains python revers shell. If everything is fine you'll receive revers shell in the terminal. Also, if directory listing is visible you can visit page and try to manually check file uploading process and debug.

Preparation

1. Clone project git clone https://github.com/theUnknownSoul/CVE-2024-7806
2. Change rights for install.sh script and run from root to install all necessary system dependencies and rights.
3. Change port for web server and netcat listener in serve.sh script if needed.
4. Change IP and server port for reverse shell in a non_suspicious_file.py.
5. Install python dependencies with pip install -r requirements.txt

Usage

python CVE-2024-7806.py -u <target url>