Refactoring and Enhancement of CVE-2019-14666 Exploit Code #1

Open: n3rada wants to merge 2 commits into base: master

@n3rada n3rada commented Aug 28, 2023

Hello maintainers and contributors,

I'm making this Pull Request because I've had to use this CVE and since I've updated it, I thought you'd like to have an updated version on tray. It was either that or keep it in my personal repository. Preferring the whole community to focus on the original code, I prefer it to be updated here. I hope you appreciate this approach.

This pull request includes a series of improvements and refactorings related to the exploit code for CVE-2019-14666. The main aim of this PR is to enhance clarity, efficiency, and maintainability.

Testing:
Thoroughly tested the refactored code against a GLPI <= 9.4.3 instance to ensure that the exploit still functions as intended without any regressions. To avoid spoilers, it's on a HackTheBox box.

Impact:

  • The refactor should not introduce any breaking changes.
  • Performance improvements are expected due to more efficient code structures.
  • Cleaner code and improved documentation.

Key Changes:

  1. Docstring Improvements: Enhanced method docstrings to provide clearer and more detailed descriptions.
  2. Code Refactoring: Restructured the code to follow more Pythonic patterns and conventions. This includes the use of list comprehensions, optimized imports, and cleaner exception handling.
  3. Error Handling: Enhanced error handling to cater for potential edge cases and provide more informative feedback to users.
  4. Function Decomposition: Broke down some larger functions into smaller, more manageable sub-functions to improve code readability and maintainability.

Details

  1. Environment: The new code uses #!/usr/bin/env python3, making it explicit that Python 3 is being used.
  2. Imports:
      • The new code uses the httpx library instead of requests.
      • Removed the import for sys.
  3. Class Structure:
      • The new code has introduced several dunders (__repr__ and __str__) for better string representation of the class instance.
      • Properly separated private and public methods using name mangling (double underscore prefix).
      • Removed the method to disable SSL warnings (requests.packages.urllib3.disable_warnings()) and instead added a parameter verify=False directly into the httpx.Client().
  4. Miscellaneous:
      • The new code uses f-strings for string formatting, which are more readable and efficient.
      • Organized the order of methods (public then private).
      • The main execution (main()) of the script is more structured and leverages the methods in the class for its operation.

@AnthoLaMalice

Up!

This new version is a great addition to the original :)

@n3rada

n3rada commented Sep 2, 2024

@antuache, @Margaruga, @pandujar, any news?
