Raysync Remote Code Execution

Raysync version suffers form a remote code execution vulnerability.

MD5 | bad3e5d9ea2541ef745fcd64164c3c25

# Exploit Title: Raysync - RCE
# Date: 04/10/2020
# Exploit Author: XiaoLong Zhu
# Vendor Homepage: www.raysync.io
# Version: below
# Tested on: Linux

step1: run RaysyncServer.sh to build a web application on the local

environment, set admin password to 123456 , which will be write to

manage.db file.

step2: curl "[email protected]" http://[raysync

to override remote manage.db file in server.

step3: login in admin portal with admin/123456.

step4: create a normal file with all permissions in scope.

step5: modify RaySyncServer.sh ,add arbitrary evil command.

step6: trigger rce with clicking "reset" button

Related Posts