/exploits-rconfig

Exploit codes for rconfig <= 3.9.4

Primary LanguagePython

exploits

Three exploits for rconfig <= 3.9.4 :

CVE-2019-19509 : authenticated RCE
CVE-2019-19585 : Local Privilege Escalation (root)
CVE-2020-10220 : unauthenticated SQLi
rconfig_root_RCE_unauth.py : chaining the three CVEs above to get root reverse shell 
                              without authentication
rconfig_ajaxarchivefiles_rce.rb : Rconfig 3.x - Chained Remote Code Execution
                                  Metasploit Module (EDB : 48223)