vulnerability-list/tomcat/example_vulnerability.py

# -*- coding: utf-8 -*-
import sys
import requests
import time
'''
Usage:
moon.py -u tomcat http://127.0.0.1:8080
影响范围:Tomcat 全版本。
session 操纵漏洞:Apache Tomcat 默认安装包含 “/examples” 目录,里面存着众多的样例,
其中 session 样例(/examples/servlets/servlet/SessionExample)允许用户对 session 进行操纵。
因为 session 是全局通用的,所以用户可以通过操纵 session 获取管理员权限
(不一定都是全局的,如果 path 只在 examples 下,那就无法利用)。
利用此漏洞需要知道相关后台登录后的 session 键值对,然后写入到 session 中,利用条件苛刻。
https://cloud.tencent.com/info/2e03f26090fe592b6c7aa933dd6c0f94.html
解决办法:安装完 tomcat 后,删除 $CATALINA_HOME/webapps 下默认的所有目录文件:rm -rf /srv/apache-tomcat/webapps/*
(该命令会清空 webapps 下的全部内容,仅适用于尚未部署业务应用的全新安装。)
'''
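def attack(URL):
    """Report which default Tomcat sample/management paths answer on a server.

    Each path in the built-in list is requested with GET below ``URL`` and a
    line is printed for every path whose final status code is 200, 304 or 401.
    These are the codes the original author annotated next to the paths.

    Args:
        URL: Base URL of the server, e.g. ``http://127.0.0.1:8080``. A
            trailing slash is tolerated.

    Returns:
        None. Findings and errors are written to stdout.
    """
    paths = (
        '/examples/servlets/servlet/SessionExample',  # 200
        '/examples/',  # 304
        '/docs/',  # 304
        '/manager/html',  # 401
        '/host-manager/html',  # 401
        '/icons/',
        '/manual/',
        '/examples/jsp/snp/snoop.jsp',
    )
    # Status codes that count as "the page is deployed". The original test,
    # `status_code == 200 or 304 or 401`, was always true because the bare
    # integers are truthy, so every path (including 404s) was reported.
    # NOTE(review): a 403 on the manager paths may also mean the application is
    # deployed but access-restricted; it is not reported here. Confirm whether
    # it should be.
    present_codes = (200, 304, 401)
    # Without a timeout a single unresponsive host blocks the whole scan.
    timeout_seconds = 10

    print('[+]开始检测-Tomcat-example_vulnerability。[+]')
    user_agent = "Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/51.0.2704.103 Safari/537.36"
    headers = {"User-Agent": user_agent}
    # Avoid "http://host//examples/" when the caller passes a trailing slash.
    base = URL.rstrip('/')
    for path in paths:
        url = base + path
        try:
            # requests follows redirects by default, so status_code below is
            # that of the final response in the redirect chain.
            verify_response = requests.get(url, headers=headers, timeout=timeout_seconds)
        except requests.RequestException as exc:
            # Catch only transport/HTTP errors so Ctrl-C still stops the scan,
            # and say which URL failed so the result can be triaged.
            print("Someerror! " + url + " (" + type(exc).__name__ + ")")
            continue
        if verify_response.status_code not in present_codes:
            continue
        finding = '存在此页面:' + url + ' ' + str(verify_response.status_code)
        try:
            print(finding)
        except UnicodeEncodeError:
            # Console cannot encode the message: emit an ASCII-escaped form
            # rather than silently dropping the finding.
            print(ascii(finding))
    print('[+]检测结束-Tomcat-example_vulnerability。[+]')
    print('\n')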
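if __name__ == "__main__":
    # attack() needs the target base URL; the original called it with no
    # argument, which raised TypeError whenever the file was run directly.
    if len(sys.argv) != 2:
        print("Usage: " + sys.argv[0] + " http://127.0.0.1:8080")
        sys.exit(1)
    attack(sys.argv[1])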