A few exploits…

So, lately I have been experimenting a lot with the “Requests” module for python. It makes creating and sending HTTP GET and POST requests so incredibly easy, that I had to use it to write some incredibly simple PoC exploits.

First off, recently there was an advisory about a PHPTax remote code execution vulnerability. So, naturally, I wrote a quick and nasty PoC for it. There is a better one in the Metasploit framework, but I simply wrote this to stave off boredom one evening. This one simply throws you a reverse shell (if the moon, sun and Andromeda galaxy are correctly lined up).

http://code.google.com/p/insecurety-research/source/browse/trunk/misc-exploits/phptax_RCE.py

Using “requests”, you can send a GET request using just requests.get(url)
It is that simple.

The second was an earlier exploit I wrote, before I remembered I could simply inject a reverse shell.

It was an exploit for an Xoops RCE bug. I simply had my exploit wget a shell from a remote server.

http://code.google.com/p/insecurety-research/source/browse/trunk/misc-exploits/xoops_rce.py

There are others in that SVN repo to look at, just have a look :)

I will likely write more later on “Rapid Proof of Concept Creation using ‘requests'” if I could be bothered, there are more vulns to exploit in the meanwhile ;)

Leave a Reply

Your email address will not be published. Required fields are marked *

You may use these HTML tags and attributes: <a href="" title=""> <abbr title=""> <acronym title=""> <b> <blockquote cite=""> <cite> <code> <del datetime=""> <em> <i> <q cite=""> <strike> <strong>