This is a Webwiz Rich Text Editor file upload page discovery module for Recon-NG.
865eb4c812edca67575bd0f50b8854c158f04d5a59f498bb0dcc994a35bcecf6import framework
# unique to module
class Module(framework.module):
def __init__(self, params):
framework.module.__init__(self, params)
self.register_option('source', 'db', 'yes', 'source of hosts for module input (see \'info\' for options)')
self.info = {
'Name': 'Webwiz Rich Text Editor File Upload Page Finder',
'Author': 'Jay Turla (@shipcod3)',
'Description': 'Checks the given hosts for Webwiz RTE remote file upload pages.',
'Comments': [
'Source options: [ db | <hostname> | ./path/to/file | query <sql> ]',
'Google Dork: inurl:"RTE_popup_file_atch.asp"',
]
}
def module_run(self):
hosts = self.get_source(self.options['source']['value'], 'SELECT DISTINCT host FROM hosts WHERE host IS NOT NULL ORDER BY host')
protocols = ['http', 'https']
files = [
'admin/RTE_popup_file_atch.asp', 'asp/RTE/RTE_popup_file_atch.asp',
'admin/rte/RTE_popup_file_atch.asp', 'RTE/RTE_popup_file_atch.asp',
'rte/RTE_popup_file_atch.asp', 'RTE_popup_file_atch.asp',
'rte_popup_file_atch.asp', 'apps/rte/RTE_popup_file_atch.asp',
]
cnt = 0
for host in hosts:
for proto in protocols:
for fileupload in files:
url = '%s://%s/%s' % (proto, host, fileupload)
try:
resp = self.request(url, redirect=False)
code = resp.status_code
except KeyboardInterrupt:
raise KeyboardInterrupt
except:
code = 'Error'
if code == 200 and 'Attach File Properties' in resp.text:
self.alert('%s => %s. Possible Webwiz RTE file upload page found!' % (url, code))
cnt += 1
else:
self.verbose('%s => %s' % (url, code))
self.output('%d Webwiz RTE file upload pages found' % (cnt))
© 2024 Packet Storm. All rights reserved.
%7Cutmcsr%3D(direct)%7Cutmcmd%3D(none)){kind=small}
Follow us on Twitter
Follow us on Facebook
Subscribe to an RSS Feed