Closed scaery closed 6 years ago
I think the website you are hacking enables HTTPS but the CA is expired...
This exploit uses `requests` to send an HTTP request, and there is an option to ignore the expired CA.
You need to add this line after LINE8:
`session.verify = False`
Then check if it works, and feed me back
Thank you for your answer. Good monkey patch.
EDIT: had a type error.
A shell is loosy, not popping cmd nor psh. W00T
Please consider adding the fix to your code, never mind, somebody will need it ;)
I think it's fixed, you can try it once again
Yes, I tried and it works now with expired CA and SSL protocol, but if you do not have access due to inaccessible permissions it's still a problem.
I'd used `export PYTHONWARNINGS="ignore:Unverified HTTPS request"` to suppress the warnings as well. Anyways. Thank you for the support.
Hey, bro, I have another problem, you said
> if you do not have access due to inaccessible permissions it's still a problem.

I am wondering if there is another vulnerability of Codiad, could you please provide more details about it? Like how to deploy the vulnerable environment? How to set the permission mask of the folders? I think maybe we do not need permission to trigger the vulnerability. @scaery
About:
> inaccessible permissions

`BUILTIN\Users:(I)(OI)(CI)(DENY)(W)`
If the structure of the /workspace folder is set to "not writable" by the user, and the config.php also, the exploit fails but can read quite everything else (scripts in the workspace etc., but cannot modify its contents) and the exploit will fail. A loophole I followed! I investigated and troubleshot this error now. Thank you anyways.
My initial idea was to change the config.php, replacing the "WORKSPACE" variable, but due to inaccessible permissions the exploit simply will fail. That's it. No rocket science. Just a rabbit hole.
Do you mean we can just bypass the controller PATH and set it to somewhere writable?? Interesting! @WangYihang
What causes this issue?