This bash script is used to test the vulnerability of web servers to CVE-2022-44877. The script performs a curl request to a target URL with a payload encoded in base64. If the target is vulnerable to the CVE-2022-44877 vulnerability, the elapsed time of the curl request will be greater than 3.5 seconds.
sudo apt-get update
sudo apt-get install curl bc
git clone https://github.com/Chocapikk/CVE-2022-44877
cd CVE-2022-44877
chmod +x script.shThe script can be used in three different ways:
scan: To scan a single URL, run the following command:
./script.sh scan <URL>exploit: To exploit a single URL, run the following command:
./script.sh exploit <URL> <payload>masscan: To scan a list of URLs, either provide a file containing the list of URLs or pipe the list of URLs to the script:
./script.sh masscan <file>
or
echo <URLs> | ./script.sh masscanThe script requires curl to be installed on the system.
This script is for educational purposes only and should not be used for malicious purposes. The user is solely responsible for any actions taken with the script.