32 lines
1.0 KiB
Python
32 lines
1.0 KiB
Python
|
# -*- coding: utf-8 -*-
|
|||
|
|
|
|||
|
|
import requests
|
|||
|
|
|
|||
|
|
'''
|
|||
|
|
Usage:
|
|||
|
|
moon.py -u weblogic http://127.0.0.1:7001
|
|||
|
|
weblogic version: 10.0.2,10.3.6
|
|||
|
|
修复:uddiexplorer 删除该目录下的文件,或者做权限配置,禁止对外访问。
|
|||
|
|
如果可登陆,可在 Setup UDDI Explorer 处获得明确的内网IP
|
|||
|
|
'''
|
|||
|
|
def attack(URL):
|
|||
|
|
print('[+]开始检测-Weblogic-ssrf-CVE-2014-4210。[+]')
|
|||
|
|
|
|||
|
|
url = f'{URL}/uddiexplorer/'
|
|||
|
|
headers = {"Content-Type":'text/xml',
|
|||
|
|
"User-Agent":'Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/51.0.2704.103 Safari/537.36'}
|
|||
|
|
try:
|
|||
|
|
r = requests.get(url, headers=headers)
|
|||
|
|
if r.status_code == 200:
|
|||
|
|
print("存在weblogic-ssrf漏洞页面:"+url)
|
|||
|
|
else:
|
|||
|
|
print("[-]未发现漏洞页面。")
|
|||
|
|
except requests.exceptions.ConnectionError:
|
|||
|
|
print('[-]访问页面出错!')
|
|||
|
|
print('[+]检测结束-Weblogic-ssrf-CVE-2014-4210。[+]')
|
|||
|
|
print('\n')
|
|||
|
|
|
|||
|
|
|
|||
|
|
if __name__ == "__main__":
|
|||
|
|
attack()
|