CVE-2022-26265

This repository contains a Python-based exploit for CVE-2022-26265, targeting Contao CMS v1.5.0. The exploit sends a crafted POST request to the `/api/server/config` endpoint with a malicious `php_cli` parameter to achieve remote code execution (RCE).

This PoC exploits CVE-2022-26265, an RCE vulnerability in Contao CMS v1.5.0, by sending a crafted POST request to the `/api/server/config` endpoint with a malicious `php_cli` parameter. The exploit uses a hardcoded JWT token for authentication and supports multi-threaded execution against a list of targets.

This repository contains a functional exploit for CVE-2022-26265, targeting Contao CMS v1.5.0. The exploit sends a crafted POST request to the `/api/server/config` endpoint with a malicious `php_cli` parameter to achieve remote code execution (RCE).