CVE-2017-5638 Rewrited Exploit In Python
-
Make sure Python3 is installed at system.
-
Run "python3 CVE-2017-5638.py [URL] -c [COMMAND]".
-
URL endpoint needs to be an '.action' file.
Don't forget to give it parameters before running the script.
This exploit is not tested in a lab environment. Please open an issue if it's not working (In cases that you are sure the system / server is vulnerable and exploit is not working) and let me know.
This exploit is written for educational purposes only. Only use it for education or in environments you own or have explicit permission to test. Unauthorized use against systems you do not own is illegal and unethical. Use at your own risk. The author of this exploit (hax / haxerr9) takes NO responsibility for any damage caused by the use or misuse of this code.