cmsPoc: CMS Exploit Framework
cmsPoc – A CMS Exploit Framework
Download
git clone https://github.com/CHYbeta/cmsPoc.git
| TYPE | SCRIPT | DESCRIPTION |
|---|---|---|
| phpcms | v960_sqlinject_getpasswd | phpcmsv9.6.0 wap模块 sql注入 获取passwd |
| icms | v701_sqlinject_getadmin | icmsv7.0.1 admincp.php sql Into the background any login admin permissions |
| discuz | v34_delete_arbitary_files | discuz ≤ v3.4 Delete any file |
| beecms | v40_fileupload_getshell | beecms ≤ V4.0_R_20160525 File upload vulnerability getshell |
| semcms | v23_sqlinject_getadmin | semcms ≤ V2.3 sql Into the background any login admin permissions |
| joomla | v370_sqlinject_getuser | Joomla v3.7.0 sql Inject the com_fields component |
| drupal | v833_yamlseria_getshell | Drupal ≤ v8.3.3 yamlDeserialize Remote Command Execution Vulnerability getshell |
| phpoko | v47_fileupload_getshell | phpok ≤ v4.7 File upload vulnerability getshell |
| seascms | v655_eval_getshell | seacms ≤ v6.5.5 eval Improperly filtered arbitrary code execution vulnerability getshell |
| seascms | v654_eval_getshell | seacms ≤ v6.5.4 eval Improperly filtered arbitrary code execution vulnerability getshell |
| seascms | v654_eval_getshell | seacms ≤ v6.5.4 eval Improperly filtered arbitrary code execution vulnerability getshell |
| niushop | v111_fileupload_getshell | niushop ≤ v1.1.1 File upload vulnerability getshell |
| exponent | v238_fileupload_getshell | exponent≤ v2.3.8 File upload vulnerability getshell CVE-2016-7095 |
| tpshop | v208_preview_getshell | tpshop ≤ v2.0.8 preview page getshell |
| fiyocms | v207_fileupload_getshell | fiyocms≤ v2.0. File upload vulnerability getshell CVE-2017-7625 |
Usage
cmspoc.py [-h]
-t TYPE -s SCRIPT -u URLoptional arguments:
-h, –help show this help message and exit
-t TYPE, –type TYPE e.g.,phpcms
-s SCRIPT, –script SCRIPT
Select script
-u URL, –url URL Input a target url
Legal Disclaimer
This project is made for educational and ethical testing purposes only。It is the end user’s responsibility to obey all applicable local, state and federal laws. Developers assume no liability and are not responsible for any misuse or damage caused by this program.
Source: https://github.com/CHYbeta/
