cve-2017-10271's Introduction

CVE-2017-10271

Detection script for the WebLogic wls-wsat component deserialization vulnerability (CVE-2017-10271)

Usage

$ python CVE-2017-10271 url

You also need to register a ceye.io account and fill the Identifier and API Token it provides into the following part of the code:

[Image in the original README, alt text "mmp"]

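Features

Checks whether WebLogic running on Windows or Linux is affected by the CVE-2017-10271 remote command execution vulnerability

Currently tested only on Linux

Tested and confirmed working on both Windows and Linux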

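How detection works

The script uses the DNS log feature and the query API provided by ceye.io. It sends a ping command so that the server pings a domain provided by ceye.io, then calls the query API to check whether a record of that ping was received, which shows whether the command was executed.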

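The domain that is pinged consists of a random string of 6 upper- and lower-case letters followed by the domain provided by ceye.io, in the form 4xF7hY.xxxxxx.ceye.io. The 4xF7hY part is generated randomly for every request, so it serves as a unique value to look up through the query API afterwards and keeps each detection result unique and accurate.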
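The correlation step described above, as an added example that is not code from this repository: it builds the per-request hostname and decides whether a DNS log entry belongs to that request. The `(unix_time, queried_name)` record shape, the 60-second window and the function names are assumptions; `xxxxxx.ceye.io` is the README's own placeholder, and the log records are constructed.

```python
import secrets
import string

# Assumption: placeholder for the per-account domain ceye.io assigns
# (the README writes it as xxxxxx.ceye.io).
CALLBACK_DOMAIN = "xxxxxx.ceye.io"


def new_token(length=6):
    """Random mixed-case letters, regenerated for every request."""
    return "".join(secrets.choice(string.ascii_letters) for _ in range(length))


def probe_hostname(token, domain=CALLBACK_DOMAIN):
    """Hostname the checked server is asked to ping, e.g. 4xF7hY.xxxxxx.ceye.io."""
    return f"{token}.{domain}"


def callback_seen(token, records, sent_at, window=60, domain=CALLBACK_DOMAIN):
    """True if a DNS record for exactly this request arrived after it was sent.

    records: iterable of (unix_time, queried_name) pairs. This shape is
    hypothetical; map the fields of your DNS log service onto it.
    """
    expected = probe_hostname(token, domain).lower()
    for seen_at, name in records:
        # DNS names are case-insensitive and resolvers may change letter case
        # or append a trailing dot, so normalise before comparing.
        normalised = name.rstrip(".").lower()
        # Compare the whole name, not a substring, so a longer label that
        # merely contains the token cannot match.
        if normalised == expected and sent_at <= seen_at <= sent_at + window:
            return True
    return False


# Constructed sample log: (unix_time, queried_name)
SAMPLE_RECORDS = [
    (1000, "QwErTy.xxxxxx.ceye.io"),    # earlier request against another host
    (1205, "4Xf7Hy.XXXXXX.ceye.io."),   # this request, letter case altered in transit
    (1210, "a4xF7hY.xxxxxx.ceye.io"),   # different label that contains the token
]

if __name__ == "__main__":
    print(callback_seen("4xF7hY", SAMPLE_RECORDS, sent_at=1200))
    print(callback_seen("QwErTy", SAMPLE_RECORDS, sent_at=1200))
```

Because the comparison has to be case-insensitive, the 6-letter token distinguishes about 3×10^8 values rather than 52^6. A server that cannot resolve external DNS names produces no record, so a missing callback does not prove the host is patched.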

Other

This code was adapted from the overall structure of @Lucifer1993's weblogic_xmldecoder_exec.py script; the windows_payload comes from @1337g's CVE-2017-10271.

cve-2017-10271's People

Contributors

luffin
