EXPLOITDB-EDB-47497

EXPLOITDB python WORKING POC

Exploit for CVE-2019-25066 - ajenti <2.1.31 - Privilege Escalation

AI Analysis

This exploit leverages a command injection vulnerability in Ajenti's authentication mechanism by embedding shell commands in the JSON username field, leading to remote code execution. It demonstrates both direct command execution and a reverse shell via cron job manipulation.

Attack Type

RCE

Complexity

trivial

Reliability

reliable

MITRE ATT&CK

T1190 - Exploit Public-Facing Application T1059 - Command and Scripting Interpreter

Loading exploit code...

Download ZIP Password: eip

Source

Platform Exploitdb

Type webapps

Platform python

Language python

Files 1

https://www.exploit-db.com/exploits/47497

Authors

Jeremy Brown

Vulnerability

CVE-2019-25066

ajenti <2.1.31 - Privilege Escalation

MEDIUM

CVSS 6.3