[webapps] FUXA 1.2.8 - Authentication Bypass + RCE Exploit
ATT&CK techniques detected
T1190Exploit Public-Facing Application
95%
“[ webapps ] fuxa 1. 2. 8 - authentication bypass + rce exploit fuxa 1. 2. 8 - authentication bypass + rce exploit # exploit title : fuxa 1. 2. 8 - authentication bypass + rce exploit # date : 2026 - 02 - 25 # exploit author : joshua van der poll ( https : / / github. com / joshua…”
Which technique(s) should be tagged here? Pick zero or more — leaving blank just records that the original was wrong.
No matches for .
Loading techniques…
T1059.006Python
90%
“based scada / hmi software ) that allows access to the protected / api / runscript endpoint even when authentication is enabled. by sending a crafted javascript payload using child _ process. execsync, it achieves full remote command execution with complete stdout capture ( no re…”
Which technique(s) should be tagged here? Pick zero or more — leaving blank just records that the original was wrong.
No matches for .
Loading techniques…
T1059.007JavaScript
48%
“err. stdout. tostring ( ) : " " ) + ( err. stderr? " \ \ nstderr : " + err. stderr. tostring ( ) : " " ) ; } } " " " return js def run _ command ( session, base _ url, command ) : print _ status ( f " preparing payload → executing : { command } " ) js _ code = build _ js _ payloa…”
Which technique(s) should be tagged here? Pick zero or more — leaving blank just records that the original was wrong.
No matches for .
Loading techniques…
Summary
FUXA 1.2.8 - Authentication Bypass + RCE Exploit