Unauthenticated CGI Injection RCE in Dell EMC iDRAC7/iDRAC8
Dell EMC iDRAC7 and iDRAC8 versions prior to 2.52.52.52 contain a CGI injection vulnerability that allows remote code execution. A remote, unauthenticated attacker may be able to supply malicious CGI variables and cause the iDRAC web interface to execute arbitrary code. The issue affects the integrated remote management interface exposed over the network and requires no prior authentication.
Exploits
4 valid exploits after Mallory filtered fakes, detection scripts, and README-only repos (1 hidden).
This repository is a small standalone exploit PoC for CVE-2018-1207 affecting Dell iDRAC7 and iDRAC8 firmware versions prior to 2.52.52.52. It contains two files: a README explaining the attack flow and usage, and a single Python exploit script, cve-2018-1207.py, which is the main entry point. The exploit is a network-based remote code execution tool. Its workflow is: (1) create an HTTPS session that tolerates legacy/weak SSL settings and disabled certificate validation, (2) probe the target using /cgi-bin/login?LD_DEBUG=files to determine whether the loader debug output is exposed, (3) generate and cross-compile a malicious SH4 shared library payload, (4) upload that library to the iDRAC using /cgi-bin/putfile so it lands at /tmp/sshpkauthupload.tmp, and (5) trigger execution by requesting /cgi-bin/discover with LD_PRELOAD pointing to the uploaded library. The README states the payload uses a constructor so code runs immediately when the library is loaded. The primary capability is root-level remote code execution on the target iDRAC, demonstrated with a reverse shell callback to an operator-supplied LHOST:LPORT. The script also supports a check-only mode for vulnerability verification without full exploitation, and optional cleanup of locally generated payload artifacts. The code is not part of a larger exploit framework such as Metasploit or Nuclei; it is a direct Python PoC. It is a real exploit rather than a detector-only script, and its maturity is best classified as OPERATIONAL because it includes a working payload path but is still a simple standalone PoC rather than a highly modular framework module.
This repository contains a Python-based exploit for CVE-2018-1207, a remote code execution vulnerability affecting Dell iDRAC7 and iDRAC8 devices with firmware versions 2.52.52.52 and below. The exploit consists of two files: a README.md with detailed usage instructions and background, and cve-2018-1207.py, the main exploit script. The script checks if the target is vulnerable by sending a crafted request to the login endpoint. If vulnerable, it generates a C payload for a reverse shell, compiles it for the SH4 architecture, uploads it to the target via a POST request, and triggers its execution by abusing the LD_PRELOAD mechanism. The result is a root shell on the target device, connecting back to the attacker's machine. The exploit requires the attacker to have a netcat listener and the SH4 cross-compiler installed. The main endpoints involved are the iDRAC web interface's /cgi-bin/login, /cgi-bin/putfile, and /cgi-bin/discover, as well as the temporary file location /tmp/sshpkauthupload.tmp on the target. The exploit is operational and provides a working reverse shell payload.
This repository contains a working exploit for CVE-2018-1207, a remote code execution vulnerability affecting Dell iDRAC7 and iDRAC8 devices with firmware versions 2.52.52.52 and below. The exploit is implemented as a Python script (cve-2018-1207.py) that orchestrates the attack in several stages: it first checks if the target is vulnerable by probing the /cgi-bin/login endpoint with a special parameter, then generates and compiles a C payload (reverse shell) for the SH4 architecture, uploads the compiled shared object to the target via /cgi-bin/putfile, and finally triggers code execution by abusing the LD_PRELOAD mechanism through the /cgi-bin/discover endpoint. If successful, the attacker receives a root shell from the target device. The repository is structured with a README.md providing detailed usage instructions and a single exploit script. The exploit requires network access to the target's web interface and the ability to run a listener for the reverse shell. The code is operational and provides a real, working payload.
This repository contains a working exploit for CVE-2018-1207, targeting Dell EMC iDRAC7 and iDRAC8 devices running firmware versions prior to 2.52.52.52. The exploit is implemented in a single Python script (cve-2018-1207.py) and is accompanied by a README.md with usage instructions. The exploit works by first checking if the target is vulnerable via a crafted request to the /cgi-bin/login endpoint. It then generates a C-based reverse shell payload, compiles it for the SH4 architecture (used by iDRAC), and uploads it to the target using the /cgi-bin/putfile endpoint. Finally, it triggers the payload via the /cgi-bin/discover endpoint, causing the iDRAC device to connect back to the attacker's machine and provide a root shell. The exploit requires the attacker to have the sh4-linux-gnu-gcc-11 cross-compiler installed. The repository is well-structured, with clear separation between documentation and exploit code, and provides a fully operational remote code execution exploit.
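The three-stage chain described in the summaries above (LD_DEBUG probe of /cgi-bin/login, POST to /cgi-bin/putfile, /cgi-bin/discover with an LD_PRELOAD parameter) gives a defender a concrete pattern to hunt for in web-access logs from the iDRAC or from a reverse proxy in front of it. The following detector is an added example, not code from the PoC repositories or from Dell; it assumes a generic combined-access-log line shape, and the sample lines are constructed. A firmware version check against the 2.52.52.52 fix threshold stated on the page is included as well.

```python
import re
from collections import defaultdict
from urllib.parse import urlsplit, parse_qs

# Constructed sample lines in a generic access-log shape (not real iDRAC output).
SAMPLE_LOG = """\
203.0.113.7 - - [10/May/2024:12:00:01 +0000] "GET /cgi-bin/login?LD_DEBUG=files HTTP/1.1" 200 5120
203.0.113.7 - - [10/May/2024:12:00:03 +0000] "POST /cgi-bin/putfile HTTP/1.1" 200 12
203.0.113.7 - - [10/May/2024:12:00:04 +0000] "GET /cgi-bin/discover?LD_PRELOAD=/tmp/sshpkauthupload.tmp HTTP/1.1" 200 0
198.51.100.9 - - [10/May/2024:12:05:00 +0000] "GET /cgi-bin/login HTTP/1.1" 200 2048
198.51.100.9 - - [10/May/2024:12:05:02 +0000] "GET /cgi-bin/discover HTTP/1.1" 200 314
"""

LINE_RE = re.compile(
    r'^(?P<ip>\S+) \S+ \S+ \[(?P<ts>[^\]]+)\] '
    r'"(?P<method>[A-Z]+) (?P<target>\S+) [^"]*" (?P<status>\d{3})'
)

FIXED_VERSION = (2, 52, 52, 52)  # first fixed firmware per the advisory text


def is_affected(version):
    """True when a dotted iDRAC firmware version is below 2.52.52.52."""
    return tuple(int(x) for x in version.split(".")) < FIXED_VERSION


def classify(method, target):
    """Map one request to an attack-chain stage from the summaries, or None.
    Loader environment variables are upper-case, so the key match is exact."""
    parts = urlsplit(target)
    query = parse_qs(parts.query, keep_blank_values=True)
    if parts.path == "/cgi-bin/login" and "LD_DEBUG" in query:
        return "probe"    # check whether loader debug output is exposed
    if parts.path == "/cgi-bin/putfile" and method == "POST":
        return "upload"   # library written to /tmp/sshpkauthupload.tmp
    if parts.path == "/cgi-bin/discover" and "LD_PRELOAD" in query:
        return "trigger"  # uploaded library loaded into the CGI process
    return None


def analyze(log_text):
    """Return {source_ip: sorted list of stages seen}; benign traffic is omitted."""
    stages = defaultdict(set)
    for line in log_text.splitlines():
        m = LINE_RE.match(line)
        if m and (stage := classify(m["method"], m["target"])):
            stages[m["ip"]].add(stage)
    return {ip: sorted(seen) for ip, seen in stages.items()}


def full_chain_sources(log_text):
    """Sources that completed probe, upload and trigger: treat as compromised."""
    needed = {"probe", "upload", "trigger"}
    return sorted(ip for ip, seen in analyze(log_text).items() if needed <= set(seen))
```

Any single "upload" or "trigger" hit is already worth an alert; a source that completes all three stages should be handled as an assumed-compromise case for that iDRAC.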