Lucene search

KitPloitKITPLOIT:2381729761297046710

HistoryOct 29, 2018 - 8:39 p.m.

JQShell - A Weaponized Version Of CVE-2018-9206 (Unauthenticated arbitrary file upload vulnerability in Blueimp jQuery-File-Upload <= v9.22.0)

2018-10-2920:39:00

www.kitploit.com

221

9.8 High

CVSS3

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

HIGH

Integrity Impact

HIGH

Availability Impact

HIGH

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

9.6 High

AI Score

Confidence

High

7.5 High

CVSS2

Access Vector

NETWORK

Access Complexity

LOW

Authentication

NONE

Confidentiality Impact

PARTIAL

Integrity Impact

PARTIAL

Availability Impact

PARTIAL

AV:N/AC:L/Au:N/C:P/I:P/A:P

0.967 High

EPSS

Percentile

99.6%

JSON

JQShell
A weaponized version of CVE-2018-9206 (Unauthenticated arbitrary file upload vulnerability in Blueimp jQuery-File-Upload <= v9.22.0).

Disclaimer
Using this agianst servers you dont control, is illegal in most countries. The author claims no responsibility for the actions of those who use this software for illegal purposes. This software is intended for educational use only. No servers were illegally pwned in the making of this software.

Features
Single Target Multi Target Tor
_
_ Prerequisites
Please install these required packages.

Python3

pip3 install requests pysocks subprocess stem

** ** Tor Control Port
To use tor, in this script, you must edit your torrc file and enable tor control port on 9051.
Typically this file is here: /etc/tor/torrc
open this file and change this line:

#ControlPort 9051

ControlPort 9051


restart tor service

** ** Usage

usage: jqshell.py [-h] [-l LIST_INIT] [-t SINGLE_TARGET] -s SHELL_LOC
                  [-o OUTPUTZ] [-tor]

optional arguments:
  -h, --help            show this help message and exit
  -l LIST_INIT, --list LIST_INIT
                        Select for a list of assets to exploit
  -t SINGLE_TARGET, --target SINGLE_TARGET
                        Single exploit target
  -s SHELL_LOC, --shell SHELL_LOC
                        This is required, put the fullpath to your shell
  -o OUTPUTZ, --output OUTPUTZ
                        This is full path to were you want to save your list
                        of confirmed hosts
  -tor, --tor_proxy     Select if you have tor installed, you will need to
                        enable control port

** ** Examples
Running agianst single target.

python3 jqshell.py -t localhost/folderwerejqueryis -s /var/www/html/shell.php

Running agianst single target, with saving output.

python3 jqshell.py -t localhost/folderwerejqueryis -s /var/www/html/shell.php -o pwned.txt

Running a list, with saving output.

python3 jqshell.py -l /opt/jquery/test.txt -s /var/www/html/shell.php -o pwned.txt

** ** Author

Joshua Whitaker
Twitter @_Stahlz
Email - [email protected]
Website - stahl.io

Download JQShell

References

github.com/gunnerstahl/JQShell

github.com/gunnerstahl/JQShell/blob/master/[email protected]

9.8 High

CVSS3

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

HIGH

Integrity Impact

HIGH

Availability Impact

HIGH

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

9.6 High

AI Score

Confidence

High

7.5 High

CVSS2

Access Vector

NETWORK

Access Complexity

LOW

Authentication

NONE

Confidentiality Impact

PARTIAL

Integrity Impact

PARTIAL

Availability Impact

PARTIAL

AV:N/AC:L/Au:N/C:P/I:P/A:P

0.967 High

EPSS

Percentile

99.6%

JSON

Related for KITPLOIT:2381729761297046710