rvizx/backdrop-rce

Backdrop CMS 1.27.1 - RCE



Backdrop CMS 1.27.1
Authenticated Remote Code Execution (RCE)
PoC Exploit



Introduction

Backdrop CMS version 1.27.1 is vulnerable to authenticated remote code execution.
A user with installer privileges can upload a crafted module installation archive, such as a .tgz file, via the manual project installer; the archive is then extracted and its contents executed as PHP code.
The exploitation flow abuses the ajax and authorize.php batch endpoints to trigger a file write under /modules/<name>/, leading to web shell access.
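
A defender-side check for the flow described above, as an added example that is not part of this repository: it scans web-server access logs for successful requests to .php files under /modules/<name>/ and marks those that follow an authorize.php batch request from the same client. The combined log format, the 30-minute window, the `batch` query match, the premise that legitimate traffic does not request .php files directly under /modules/, and the sample lines are all assumptions constructed for illustration.

```python
import re
from datetime import datetime, timedelta

# Combined Log Format prefix: ip ident user [time] "METHOD path PROTO" status
LINE = re.compile(
    r'(?P<ip>\S+) \S+ \S+ \[(?P<ts>[^\]]+)\] '
    r'"(?P<method>[A-Z]+) (?P<path>\S+) [^"]*" (?P<status>\d{3})'
)
# Installer batch step (assumed to carry "batch" in the query string).
INSTALL = re.compile(r'^/authorize\.php\?.*\bbatch\b')
# Direct request to a PHP file inside a site module directory.
MODULE_PHP = re.compile(r'^/modules/(?P<name>[^/]+)/[^?]*\.php(?:\?|$)', re.I)
WINDOW = timedelta(minutes=30)  # assumed correlation window


def find_suspect_modules(lines):
    """Report 200 responses for .php files under /modules/<name>/ and whether
    each one follows an authorize.php batch request from the same client."""
    last_install = {}  # client ip -> time of its last authorize.php batch hit
    findings = []
    for line in lines:
        m = LINE.match(line)
        if not m:
            continue  # skip lines that are not in the expected format
        ts = datetime.strptime(m['ts'], '%d/%b/%Y:%H:%M:%S %z')
        ip, path = m['ip'], m['path']
        if INSTALL.search(path):
            last_install[ip] = ts
            continue
        hit = MODULE_PHP.match(path)
        if hit and m['status'] == '200':
            seen = last_install.get(ip)
            findings.append({
                'ip': ip,
                'module': hit['name'],
                'path': path,
                'after_install': seen is not None and ts - seen <= WINDOW,
            })
    return findings


# Constructed sample lines: documentation IP ranges, hypothetical module names.
SAMPLE = [
    '203.0.113.7 - - [12/May/2024:10:00:01 +0000] "POST /authorize.php?batch=1 HTTP/1.1" 200 312',
    '203.0.113.7 - - [12/May/2024:10:00:09 +0000] "GET /modules/example_mod/example.php HTTP/1.1" 200 58',
    '198.51.100.4 - - [12/May/2024:10:05:00 +0000] "GET /modules/other_mod/helper.php HTTP/1.1" 200 1200',
    '198.51.100.4 - - [12/May/2024:10:06:00 +0000] "GET /modules/other_mod/css/style.css HTTP/1.1" 200 900',
]
```

Findings with `after_install` set to true are the ones to triage first; the rest still merit a look at what the requested file is and when it appeared on disk.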


Usage

git clone https://github.com/rvizx/backdrop-rce
cd backdrop-rce
python3 -m venv venv && source venv/bin/activate
pip install -r requirements.txt

# usage
python3 exploit.py <url> <username> <password>

Example:

python3 exploit.py http://example.com rvz 'frm2XS42E@x23${!@3;x'

Note: This exploit requires valid credentials for a user with installer permissions.

Credits

Original PoC Exploit Link (ExploitDB) - Author: Ahmet Ümit BAYRAM
