1 min to read
Jqshell

JQShell - A Weaponized Version Of CVE-2018-9206
JQShell A weaponized version of CVE-2018-9206 (Unauthenticated arbitrary file upload vulnerability in Blueimp jQuery-File-Upload <= v9.22.0).
Disclaimer Using this agianst servers you dont control, is illegal in most countries. The author claims no responsibility for the actions of those who use this software for illegal purposes. This software is intended for educational use only. No servers were illegally pwned in the making of this software.
Prerequisites
Please install these required packages.
Python3
pip3 install requests pysocks subprocess stem
Tor Control Port To use tor, in this script, you must edit your torrc file and enable tor control port on 9051. Typically this file is here: /etc/tor/torrc open this file and uncomment this line:
ControlPort 9051
to
ControlPort 9051
restart tor service
Usage
usage: jqshell.py [-h] [-l LIST_INIT] [-t SINGLE_TARGET] -s SHELL_LOC [-o OUTPUTZ] [-tor]
optional arguments: -h, –help show this help message and exit -l LIST_INIT, –list LIST_INIT Select for a list of assets to exploit -t SINGLE_TARGET, –target SINGLE_TARGET Single exploit target -s SHELL_LOC, –shell SHELL_LOC This is required, put the fullpath to your shell -o OUTPUTZ, –output OUTPUTZ This is full path to were you want to save your list of confirmed hosts -tor, –tor_proxy Select if you have tor installed, you will need to enable control port
Examples
Running against single target.
python3 jqshell.py -t localhost/folderwerejqueryis -s /var/www/html/shell.php
Running against single target, with saving output.
python3 jqshell.py -t localhost/folderwerejqueryis -s /var/www/html/shell.php -o pwned.txt
Running a list, with saving output.
python3 jqshell.py -l /opt/jquery/test.txt -s /var/www/html/shell.php -o pwned.txt
Download Link:
https://github.com/gunnerstahl/JQShell