Example #1
0
def poc(url):
    url1 = "%s/web-console/Invoker" % url
    result = "目标Jboss可能存在JAVA反序列化漏洞CVE-2013-4810 : %s" % url1
    timeout = 5
    try:
        req = requests.head(url1, headers=headers, timeout=timeout)
        if (req.status_code == 500 or (req.status_code == 200 and url200or404Check(url1))) and (
                'JBoss'.lower() in str(req.headers).lower() or 'Apache-Coyote/1.1'.lower() in str(req.headers).lower()):
            return result
    except:
        pass
Example #2
0
def poc(url):
    url1 = "%s/invoker/readonly" % url
    result = "目标Jboss可能存在JAVA反序列化漏洞CVE-2017-12149 : %s" % url1
    timeout = 5
    try:
        req = requests.head(url1, timeout=timeout, headers=headers)
        if (req.status_code == 500 or (req.status_code == 200 and url200or404Check(url1))) and (
                'JBoss'.lower() in str(req.headers).lower() or 'Apache-Coyote/1.1'.lower() in str(req.headers).lower()):
            return result
    except:
        pass
Example #3
0
def poc(url):
    url1 = "%s/invoker/JMXInvokerServlet" % url
    result = "目标Jboss可能存在JAVA反序列化漏洞CVE-2007-1036/CVE-2012-0874/CVE-2013-4810/CVE-2017-7501 : %s" % url1
    timeout = 5
    try:
        req = requests.head(url1, headers=headers, timeout=timeout)
        if (req.status_code == 500 or
            (req.status_code == 200 and url200or404Check(url1))) and (
                'JBoss'.lower() in str(req.headers).lower()
                or 'Apache-Coyote/1.1'.lower() in str(req.headers).lower()):
            return result
    except:
        pass
Example #4
0
def poc(url):
    url1 = "%s/jmx-console/HtmlAdaptor" % url
    result = "目标Jboss可能存在JAVA反序列化漏洞CVE-2006-5750/CVE-2007-1036/CVE-2010-0738 : %s" % url1
    timeout = 5
    try:
        req = requests.head(url1, headers=headers, timeout=timeout)
        if (req.status_code == 500 or
            (req.status_code == 200 and url200or404Check(url1))) and (
                'JBoss'.lower() in str(req.headers).lower()
                or 'Apache-Coyote/1.1'.lower() in str(req.headers).lower()):
            return result
    except:
        pass
Example #5
0
def poc(url):
    url1 = "%s/jbossmq-httpil/HTTPServerILServlet" % url
    result = "目标Jboss可能存在JAVA反序列化漏洞CVE-2017-7504 : %s" % url1
    timeout = 5
    try:
        req = requests.head(url1, headers=headers, timeout=timeout)
        if (req.status_code == 500 or
            (req.status_code == 200 and url200or404Check(url1))) and (
                'JBoss'.lower() in str(req.headers).lower()
                or 'Apache-Coyote/1.1'.lower() in str(req.headers).lower()):
            return result
    except:
        pass
Example #6
0
def poc(url):
    proxies = {'http': '127.0.0.1:9999'}
    for path in paths:
        url1 = "%s%s" % (url, path)
        result = "目标Weblogic可能存在任意文件上传漏洞,CVE-2018-2894 : %s" % url1
        timeout = 5
        try:
            req = requests.get(
                url1,
                headers=headers,
                timeout=timeout,
            )
            if (req.status_code == 200 and url200or404Check(url1)) and (
                    'label_setting_menu_item_general'.lower() in str(
                        req.text).lower()):
                return result
        except:
            pass