CVE-2019-19609

This exploit targets Strapi CMS versions up to 3.0.0-beta.17.7, leveraging an authenticated RCE vulnerability via plugin installation. It sends a malicious payload through the `/admin/plugins/install` endpoint, executing arbitrary commands and establishing a reverse shell.

This repository contains a functional exploit for CVE-2019-19609, a remote code execution vulnerability in Strapi versions 3.0.0-beta.17.7 and earlier. The exploit leverages a vulnerable plugin installation endpoint to execute arbitrary commands via a crafted JSON payload, resulting in a reverse shell.

This repository contains a functional exploit for CVE-2019-19609, a remote code execution vulnerability in the Strapi Framework. The exploit leverages a command injection flaw in the plugin installation feature, allowing an attacker to execute arbitrary commands via a crafted JSON payload.

This repository contains a functional exploit for CVE-2019-19609, targeting Strapi CMS 3.0.0-beta.17.4. The exploit chains password reset (CVE-2019-18818) with command injection to achieve unauthenticated RCE via plugin installation.

This repository contains a functional exploit for CVE-2019-19609, targeting Strapi CMS versions 3.0.0-beta.17.4 and below. The exploit chains a password reset vulnerability with a remote code execution (RCE) payload to achieve unauthenticated RCE via a reverse shell.

This repository contains a functional Python exploit for CVE-2019-19609, which targets Strapi CMS. The exploit resets the admin password, obtains a JWT token, and executes a reverse shell payload via the plugin installation endpoint.

This repository contains a functional exploit for CVE-2019-19609, a remote code execution vulnerability in Strapi. The exploit leverages a malicious plugin installation via a crafted JSON payload to execute arbitrary commands on the target system.

This repository contains a functional Python exploit for CVE-2019-19609, an authenticated remote code execution vulnerability in Strapi <= 3.0.0-beta.17.8. The exploit leverages command injection via the 'plugin' parameter in the '/admin/plugins/install' endpoint to execute a reverse shell payload.

This repository contains a functional exploit script that chains CVE-2019-18818 (password reset vulnerability) and CVE-2019-19609 (RCE via plugin installation) to achieve unauthenticated remote code execution in Strapi CMS. The script automates the process of obtaining a JWT token and executing a reverse shell payload.