POC / app.py PY

from flask import Flask, request, jsonify
import subprocess

# WSGI application object; the only route registered on it in this file is an
# unauthenticated endpoint that executes request-supplied shell commands.
app = Flask(__name__)

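@app.route("/mgmt/tm/util/bash", methods=["POST"])
def command_injection():
    """Run the shell command carried in a POSTed JSON body and return its output.

    SECURITY: request data is handed straight to a shell with no
    authentication, authorization or allow-list. The function name and the
    POC/ path suggest this is a deliberately vulnerable test fixture; run it
    only inside an isolated, disposable lab, never on a shared or reachable
    host.

    Returns:
        200 with ``{"result": <combined stdout/stderr>}`` when the command
        exits with status 0; 500 with ``{"error": <combined output>}`` when
        it exits non-zero; 400 with ``{"error": "Invalid request"}`` when the
        body is not a JSON object holding a non-empty string under
        ``"command"``.
    """
    payload = request.json
    # A JSON array or scalar body has no .get(); reject it as invalid instead
    # of failing with an unhandled AttributeError.
    cmd = payload.get("command") if isinstance(payload, dict) else None
    # Only a non-empty string is accepted: a list or number would otherwise
    # reach subprocess and either raise TypeError or be interpreted
    # differently under shell=True.
    if not isinstance(cmd, str) or not cmd:
        return jsonify({"error": "Invalid request"}), 400

    try:
        # SECURITY: shell=True on caller-controlled input is the
        # command-injection sink. It is kept because executing the supplied
        # command is this endpoint's whole contract; nothing here makes it
        # safe for untrusted callers.
        output = subprocess.check_output(cmd, shell=True, stderr=subprocess.STDOUT)
    except subprocess.CalledProcessError as e:
        # errors="replace": command output is arbitrary bytes and need not be
        # valid UTF-8.
        return jsonify({"error": e.output.decode(errors="replace")}), 500
    return jsonify({"result": output.decode(errors="replace")}), 200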

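if __name__ == "__main__":
    import os

    # This app exposes unauthenticated command execution, so it listens on
    # loopback unless the operator explicitly opts in to another interface
    # (e.g. POC_BIND_HOST=0.0.0.0 inside an isolated lab network).
    bind_host = os.environ.get("POC_BIND_HOST", "127.0.0.1")
    app.run(host=bind_host, port=8080)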