{"id":20847287,"url":"https://github.com/jsmoreira02/sar2html_exploit","last_synced_at":"2025-07-09T07:34:52.101Z","repository":{"id":175979639,"uuid":"654798143","full_name":"Jsmoreira02/sar2HTML_exploit","owner":"Jsmoreira02","description":"Exploit the Sar2HTML RCE vulnerability and also perform a Shell Upload on the target","archived":false,"fork":false,"pushed_at":"2024-09-22T08:50:35.000Z","size":33,"stargazers_count":3,"open_issues_count":0,"forks_count":0,"subscribers_count":1,"default_branch":"main","last_synced_at":"2024-11-18T02:22:05.296Z","etag":null,"topics":["cybersecurity","exploit","hacking","python3","reverse-shell","vulnerability","web-exploitation"],"latest_commit_sha":null,"homepage":"","language":"Python","has_issues":true,"has_wiki":null,"has_pages":null,"mirror_url":null,"source_name":null,"license":"mit","status":null,"scm":"git","pull_requests_enabled":true,"icon_url":"https://github.com/Jsmoreira02.png","metadata":{"files":{"readme":"README.md","changelog":null,"contributing":null,"funding":null,"license":"LICENSE","code_of_conduct":null,"threat_model":null,"audit":null,"citation":null,"codeowners":null,"security":null,"support":null,"governance":null,"roadmap":null,"authors":null,"dei":null}},"created_at":"2023-06-17T01:55:16.000Z","updated_at":"2024-10-13T22:40:11.000Z","dependencies_parsed_at":"2024-04-11T18:45:34.258Z","dependency_job_id":null,"html_url":"https://github.com/Jsmoreira02/sar2HTML_exploit","commit_stats":null,"previous_names":["joaopedromoreira02/sar2html_exploit","j0hnth3kn1ght/sar2html_exploit","jsmoreira02/sar2html_exploit"],"tags_count":0,"template":false,"template_full_name":null,"repository_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/Jsmoreira02%2Fsar2HTML_exploit","tags_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/Jsmoreira02%2Fsar2HTML_exploit/tags","releases_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/Jsmoreira02%2Fsar2HTML_exploit/releases","manifests_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/Jsmoreira02%2Fsar2HTML_exploit/manifests","owner_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/owners/Jsmoreira02","download_url":"https://codeload.github.com/Jsmoreira02/sar2HTML_exploit/tar.gz/refs/heads/main","host":{"name":"GitHub","url":"https://github.com","kind":"github","repositories_count":234604924,"owners_count":18859166,"icon_url":"https://github.com/github.png","version":null,"created_at":"2022-05-30T11:31:42.601Z","updated_at":"2022-07-04T15:15:14.044Z","host_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub","repositories_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories","repository_names_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repository_names","owners_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/owners"}},"keywords":["cybersecurity","exploit","hacking","python3","reverse-shell","vulnerability","web-exploitation"],"created_at":"2024-11-18T02:19:33.834Z","updated_at":"2025-01-19T05:38:09.145Z","avatar_url":"https://github.com/Jsmoreira02.png","language":"Python","funding_links":[],"categories":[],"sub_categories":[],"readme":"\u003cdiv\u003e\n    \u003cimg src=\"https://img.shields.io/badge/Language%20-Python-lightgreen.svg\" style=\"max-width: 100%;\"\u003e\n    \u003cimg src=\"https://img.shields.io/badge/Target OS%20-Linux-blue.svg\" style=\"max-width: 100%;\"\u003e\n    \u003cimg src=\"https://img.shields.io/badge/Vulnerable Version%20-3.2.1-red.svg\" style=\"max-width: 100%;\"\u003e\n    \u003cimg src=\"https://img.shields.io/badge/Type%20-Webapps Exploit-black.svg\" style=\"max-width: 100%;\"\u003e\n    \u003cimg src=\"https://img.shields.io/badge/Remote Command Injection%20-teste?style=flat-square style=\"max-width: 100%;\"\u003e\n\u003c/div\u003e\n\n\n# Sar2HTML Exploit | Reverse shell \n\nThe index.php script in Sar2HTML 3.2.1 is vulnerable to remote command execution. The vulnerability is due to insufficient sanitizing of user supplied inputs in the application when handling a crafted HTTP request. A remote attacker may be able to exploit this to execute arbitrary commands within the context of the application, via a crafted HTTP request.\n\n\u003e \"This Vulnerability could allow a remote attacker to execute arbitrary commands on the system, caused by a commend injection flaw in the index.php script. By sending specially-crafted commands, an attacker could exploit this vulnerability to execute arbitrary commands on the system.\"\n\n#### This script has two ways of exploiting the vulnerability. Use with ethics and wisdom:\n--------------------------------------------------------\n\n### 1 - Command Injection\nSends GET requests, using the ?plot parameter to inject Linux Commands and then returns the output of the command. To pass more complex commands or commands with arguments, use quotation marks \"\".\n\n![commandinject-ezgif com-video-to-gif-converter](https://github.com/Jsmoreira02/sar2HTML_exploit/assets/103542430/99b1fc1d-050a-4b20-87b3-da25a5f35159)\n\n### 2 - Reverse Shell Injection\nRemotely uploads a reverse shell to the user's machine using the same command injection method, but opens a mini HTTP server on the local machine for the transfer.\n\n![shellmode-ezgif com-video-to-gif-converter](https://github.com/Jsmoreira02/sar2HTML_exploit/assets/103542430/f1403c98-6859-46bc-ad2d-9fe21199e30c)\n\n### Lab for vulnerability testing\n\n- [VulnHub](https://www.vulnhub.com/entry/sar-1,425/)\n- [TryHackMe](https://tryhackme.com/r/room/boilerctf2)\n\n# Warning:    \n\u003e I am not responsible for any illegal use or damage caused by this tool. It was written for fun, not evil and is intended to raise awareness about cybersecurity.\n\n\n***Have a good hack :D***\n","project_url":"https://awesome.ecosyste.ms/api/v1/projects/github.com%2Fjsmoreira02%2Fsar2html_exploit","html_url":"https://awesome.ecosyste.ms/projects/github.com%2Fjsmoreira02%2Fsar2html_exploit","lists_url":"https://awesome.ecosyste.ms/api/v1/projects/github.com%2Fjsmoreira02%2Fsar2html_exploit/lists"}