Textpattern <= 4.8.3 Remote Code Execution (Authenticated)

Textpattern until version 4.8.3 allows authenticated users to upload any PHP file. This script automates the process and allows to delete the uploaded file.

Usage

python3 exploit.py -t TARGET -u USER -p PASSWORD [-c COMMAND] [-f FILENAME] [-d]

-t: Url to attack (without /textpattern)
-u: Username
-p: Password
-c: Command to execute (Optional). Default: "whoami"
-f: Uploaded PHP file name (Optional). Default: "testing.php"
-d: Delete the uploaded PHP file (Optional). Default: False.

Name		Name	Last commit message	Last commit date
Latest commit History 2 Commits
images		images
.gitignore		.gitignore
README.md		README.md
exploit.py		exploit.py

Provide feedback

Saved searches

Use saved searches to filter your results more quickly

Uh oh!

Uh oh!

Repository files navigation

Textpattern <= 4.8.3 Remote Code Execution (Authenticated)

Usage

About

Uh oh!

Sponsor this project

Uh oh!

Languages

Uh oh!

ricardojoserf/textpattern-exploit-rce

Folders and files

Latest commit

History

Repository files navigation

Textpattern <= 4.8.3 Remote Code Execution (Authenticated)

Usage

About

Topics

Resources

Uh oh!

Stars

Watchers

Forks

Sponsor this project

Uh oh!

Languages