Share
## https://sploitus.com/exploit?id=CA624BE3-1731-55A5-81E3-F5EFC482806F
# reNgine 2.2.0 - Command Injection - CVE-2023-50094
## Description
This Python script exploits an authenticated command injection vulnerability in reNgine 2.2.0. The exploit targets the `nmap_cmd` parameter in the Scan Engine configuration, allowing attackers to execute arbitrary commands.
## Features
- User-friendly command-line interface (CLI)
- Flexible input for base URL, credentials, and Scan Engine ID
- Automates exploitation for authenticated users
## Exploit Details
- **CVE ID**: TBD
- **Affected Version**: reNgine v2.2.0
- **Tested On**: macOS
- **Author on exploit-db**: Caner Tercan
- **Author of the POC**: Ziad (me)
- **Vendor URL**: [https://rengine.wiki/](https://rengine.wiki/)
- **Software Link**: [https://github.com/yogeshojha/rengine](https://github.com/yogeshojha/rengine)
## Prerequisites
1. A running instance of reNgine (v2.2.0).
2. Valid user credentials with access to the Scan Engine configuration.
3. Python 3.x with the `requests` library installed.
## Installation
1. Clone the repository:
```bash
git clone https://github.com/example/rengine-exploit.git
cd rengine-exploit
pip install requests
```
2. Running the script:
```
python poc.py --url http://rengine.target.com --username admin --password securepassword123 --engine-id 2
```