TeamCity JetBrains PoC (CVE-2023-42793)
This Python script is the proof of concept of CVE-2023-42793 vulnerability in TeamCity JetBrains. The vulnerability allows for the creation of a new admin user and password, providing unauthorized access to the TeamCity server.
DISCLAIMER: This script is provided for educational and testing purposes only. Unauthorized access or exploitation of vulnerabilities is illegal and unethical. Use this script responsibly and only on systems for which you have explicit permission. Prerequisites
Before using this script, ensure you have the following prerequisites:
Python 3
requests =====> pip install requests
Usage
-
Clone or download this repository to your local machine.
-
Open a terminal or command prompt and navigate to the directory containing the script.
-
Run the script with the following command, replacing <TARGET_URL>
-
with the URL of the TeamCity JetBrains server:
python3 teamCity-PoC-42793.py -u <TARGET_URL>
If the TeamCity server is vulnerable, the script successfully exploits the CVE, it will first check if the token exist if so delete it and create a new admin user with a username and password. You can use the newly created admin user credentials to access the TeamCity server.