Exploit for Improper Privilege Management in Openwebanalytics Open Web Analytics CVE-2022-24637

Name: Exploit for Improper Privilege Management in Openwebanalytics Open Web Analytics CVE-2022-24637
Rating: 5 (262 reviews)

2023-08-22 | CVSS 9.8

## https://sploitus.com/exploit?id=149A79B7-CA50-5FEF-BB75-0944CCF317D4
# CVE-2022-24637
Open Web Analytics 1.7.3 - Remote Code Execution Exploit v2

Working exploit for [Open Web Analytics 1.7.3 - RCE](https://www.rapid7.com/db/modules/exploit/multi/http/open_web_analytics_rce/) enhenced with pentestmonkey's [php reverse shell](https://github.com/pentestmonkey/php-reverse-shell), Fixed issue of not able to find user in cache.

Original soruce exploit can be found on [here](https://www.exploit-db.com/exploits/51026)


## Usage
Add your attacker machine's IP and PORT in `php-reverse-shell.php` file and run the `exploit.py` with argument `-u` for vulnerable target url.

```bash
python3 exploit.py -u https://target.host/owa/
```

### Credits
@JacobEbben

@pentestmonkey