led | 10th March, 2021
The purpose of this repo is to convert python2 exploits and scripts to python3, as support for python2 has been dropped.
The File Manager (wp-file-manager) plugin before 6.9 for WordPress allows remote attackers to upload and execute arbitrary PHP code because it renames an unsafe example elFinder connector file to have the .php extension. Last tested on the TryHackMe lab Badbyte. The script for this CVE is CVE-2020-25213.
LimeSurvey < 3.16 uses an old version of the "TCPDF" library; this version is vulnerable to a serialization attack via the "phar://" wrapper. This script was copied from exploit-db. Converting the script from python2 to python3 was easy; only the hex bytes were a pain. Instead of strings, byte arrays had to be used in python3. Last tested on the TryHackMe lab Ghizer. The script for this CVE is CVE-2018-17057.
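
The str-versus-bytes problem mentioned above, as an added example that is not code from this repo or from exploit-db: it shows why a python2 literal with hex escapes cannot simply be UTF-8 encoded in python3, and how that breaks length-prefixed data. The sample bytes, the function names and the 4-byte length-prefix format are constructed for illustration.

```python
import struct

# Constructed sample, not taken from any script in this repository:
# a python2-style literal whose escapes were meant as six raw bytes.
LEGACY_LITERAL = "\x00\x7f\x80\xff\xde\xad"
EXPECTED = bytes([0x00, 0x7F, 0x80, 0xFF, 0xDE, 0xAD])


def naive_port(text):
    """What a mechanical port often does: UTF-8 encode the str before sending."""
    return text.encode("utf-8")


def faithful_port(text):
    """Latin-1 maps code points 0-255 to the same byte values, so the
    python2 byte sequence is reproduced; anything above 0xFF raises."""
    return text.encode("latin-1")


def diverging_offsets(text):
    """Indexes in the literal that UTF-8 would expand into two bytes."""
    return [i for i, ch in enumerate(text) if ord(ch) >= 0x80]


def frame(payload):
    """Hypothetical record format: 4-byte big-endian length, then the body."""
    return struct.pack(">I", len(payload)) + payload


def frame_legacy_bug(text):
    """Bug pattern: length counted on the str, body encoded afterwards,
    so the declared length no longer matches the bytes that follow."""
    return struct.pack(">I", len(text)) + text.encode("utf-8")


if __name__ == "__main__":
    print("naive   :", naive_port(LEGACY_LITERAL).hex())
    print("faithful:", faithful_port(LEGACY_LITERAL).hex())
    print("offsets :", diverging_offsets(LEGACY_LITERAL))
    print("framed  :", frame(faithful_port(LEGACY_LITERAL)).hex())
    print("buggy   :", frame_legacy_bug(LEGACY_LITERAL).hex())
```

When porting, writing the data as a `b"..."` literal from the start avoids the encode step entirely; `diverging_offsets` is only a quick way to find which existing literals need that treatment.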