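Related vulnerability
Title:
OS command injection vulnerability in multiple WAGO products
(CVE-2023-1698)
Description: The WAGO PFC100 and the other products listed here are made by the German company WAGO. The WAGO PFC100 is a programmable logic controller (PLC). The WAGO Compact Controller CC100 is a compact controller. The WAGO Edge Controller is an edge controller. WAGO Compact Controller CC100, Edge Controller, PFC100, PFC200, Touch Panel 600 Advanced Line, Touch Panel 600 Marine Line, Touch Pane
Description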
WAGO Remote Exploit Tool for CVE-2023-1698
Introduction
# CVE-2023-1698 WAGO Remote Exploit Tool
## Description
This script is designed to exploit a severe Remote Code Execution (RCE) vulnerability present in multiple WAGO products. Unauthenticated attackers can leverage this flaw to create new users, alter device configurations, and potentially take over the entire system. This can lead to unintended behaviors, Denial of Service (DoS), and full system compromise.
## Vulnerability Significance
**Remote Code Execution (RCE)** is among the most dangerous vulnerabilities as it allows an attacker to execute arbitrary commands on the victim system. When combined with a lack of authentication requirement, this vulnerability becomes even more critical.
## Discovery with ZoomEye
Potential targets vulnerable to this exploit can be identified using the ZoomEye search engine with the following dork:
```
title:"Web-Based Management"
```
**Note**: It is imperative to obtain the necessary permissions before scanning or exploiting any targets identified using this method.
## Severity
**CVSS 3.x Severity and Metrics:**
- **Base Score**: 9.8 (CRITICAL)
- **Vector**: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
## Features
- Check individual URLs for vulnerability.
- Scan a list of URLs for potential vulnerabilities.
- Execute arbitrary commands on vulnerable URLs.
- Save vulnerable URLs in an output file for further analysis.
## Dependencies
To set up the environment for the script, install the required dependencies using:
```
pip install -r requirements.txt
```
## Usage
Execute the script using the command:
```
python exploit.py [-u <base_url> | -l <list_of_base_urls>] [-t <threads>] [-o <output_file>]
```
### Arguments:
- `-u` or `--url`: Specify the base URL for the requests.
- `-l` or `--list`: Provide a file containing a list of base URLs to scan.
- `-t` or `--threads`: Set the number of threads to use (default is 100).
- `-o` or `--output`: Designate a file to save vulnerable URLs.
## Examples
To check a single URL for vulnerability, use:
```
python exploit.py -u http://example.com
```
To scan a list of URLs, utilize:
```
python exploit.py -l list.txt -o output.txt
```
## Disclaimer
This tool is meant solely for educational and ethical purposes. Ensure that you have appropriate authorization and permissions before scanning or exploiting any targets. Misuse can lead to legal consequences.
File snapshot
[4.0K] /data/pocs/add1ee0d0116311743a5bb7acf7ff6fec191169a
├── [4.6K] exploit.py
├── [ 289] parser_zoomeye.py
├── [2.3K] README.md
└── [ 75] requirements.txt
0 directories, 4 files