Skip to content

rvizx/backdrop-rce

BranchesTags

Folders and files

NameName
Last commit message
Last commit date

Latest commit

 

History

3 Commits
README.md
README.md
 
 
exploit.py
exploit.py
 
 
requirements.txt
requirements.txt
 
 

Repository files navigation

Backdrop CMS 1.27.1 - RCE



backdrop-cms-logo

Backdrop CMS 1.27.1
Authenticated Remote Code Execution (RCE)
Poc Exploit

Backdrop CMS RCE PoC

Introduction

Backdrop CMS version 1.27.1 is vulnerable to authenticated remote code execution.
A user with installer privileges can upload a crafted module installation like,.tgz file via the manual project installer, which is then extracted and executed as PHP code.
The exploitation flow abuses the ajax and authorize.php batch endpoints to trigger a file write under /modules/<name>/, leading to web shell access.

Usage

git clone https://github.com/rvizx/backdrop-rce cd backdrop-rce python3 -m venv venv && source venv/bin/activate pip install -r requirements.txt # usage python3 exploit.py <url> <username> <password>

Example:

python3 exploit.py http://example.com rvz frm2XS42E@x23${!@3;x
Note: This exploit requires valid credentials for a user with installer permissions.

Credits

Original PoC Exploit Link (ExploitDB) - Author: Ahmet Ümit BAYRAM

About

Backdrop CMS 1.27.1 Authenticated Remote Code Execution (RCE) - PoC Exploit

Topics

rce backdropcms remote-code-execution poc-exploit

Resources

Readme
Activity

Stars

7 stars

Watchers

0 watching

Forks

0 forks
Report repository

Releases

No releases published

Packages

No packages published

Languages