## Exploit Title: Serendipity 2.4.0 - File Inclusion RCE ## Author: nu11secur1ty ## Date: 04.26.2023 ## Vendor: https://docs.s9y.org/index.html ## Software: https://github.com/s9y/Serendipity/releases/tag/2.4.0 ## Reference: https://portswigger.net/web-security/file-upload ## Reference: https://portswigger.net/web-security/file-upload/lab-file-upload-remote-code-execution-via-web-shell-upload ## Description: The already authenticated attacker can upload HTML files on the server, which is absolutely dangerous and STUPID In this file, the attacker can be codding a malicious web-socket responder that can connect with some nasty webserver somewhere. It depends on the scenario, the attacker can steal every day very sensitive information, for a very long period of time, until the other users will know that something is not ok with this system, and they decide to stop using her, but maybe they will be too late for this decision. STATUS: HIGH Vulnerability [+]Exploit: ```HTML NodeJS WebSocket Server

You have just sent a message to your attacker,

that you are already connected to him.

``` ## Reproduce: [href](https://github.com/nu11secur1ty/CVE-nu11secur1ty/tree/main/vendors/s9y/2023/Serendipity-2.4.0) ## Proof and Exploit: [href](https://streamable.com/2s80z6) ## Time spend: 01:27:00 -- System Administrator - Infrastructure Engineer Penetration Testing Engineer Exploit developer at https://packetstormsecurity.com/ https://cve.mitre.org/index.htmlhttps://cxsecurity.com/ and https://www.exploit-db.com/ 0day Exploit DataBase https://0day.today/ home page: https://www.nu11secur1ty.com/ hiPEnIMR0v7QCo/+SEH9gBclAAYWGnPoBIQ75sCj60E=nu11secur1ty