ydhcui / cnvd-2020-10487-tomcat-ajp-lfi
Tomcat AJP protocol file read vulnerability
Firstly, I got mistakes in makefile(), then I changed the bufsize arg to buffering, then this line gets errors: print("".join([d.data for d in data]))
Error: sequence item 0: expected str instance, bytes found
Can you give me some suggestions?
Thanks
I keep getting errors.
python3 makefile() got an unexpected keyword argument 'bufsize'
Does it mean that AJP is not enabled?
root@kali:~# python tomcatlfi.py X.X.X.X -p 8080 -f WEB-INF/web.xml
Getting resource at ajp13://X.X.X.X:8080/asdf
Traceback (most recent call last):
File "tomcatlfi.py", line 299, in
{'name':'req_attribute','value':['javax.servlet.include.servlet_path','/']},
File "tomcatlfi.py", line 274, in perform_request
responses = self.forward_request.send_and_receive(self.socket, self.stream)
File "tomcatlfi.py", line 154, in send_and_receive
r = AjpResponse.receive(stream)
File "tomcatlfi.py", line 225, in receive
r.parse(stream)
File "tomcatlfi.py", line 193, in parse
raise NotImplementedError
NotImplementedError
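Using this script of yours to read files works against a test range, but in a real-world environment the content read back is always the HTML of the home page. The version and port both match the vulnerability. Do you know what is going on?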
Traceback (most recent call last):
File "CNVD-2020-10487-Tomcat-Ajp-lfi.py", line 299, in
{'name':'req_attribute','value':['javax.servlet.include.servlet_path','/']},
File "CNVD-2020-10487-Tomcat-Ajp-lfi.py", line 274, in perform_request
responses = self.forward_request.send_and_receive(self.socket, self.stream)
File "CNVD-2020-10487-Tomcat-Ajp-lfi.py", line 154, in send_and_receive
r = AjpResponse.receive(stream)
File "CNVD-2020-10487-Tomcat-Ajp-lfi.py", line 225, in receive
r.parse(stream)
File "CNVD-2020-10487-Tomcat-Ajp-lfi.py", line 182, in parse
self.magic, self.data_length, self.prefix_code = unpack(stream, ">HHb")
File "CNVD-2020-10487-Tomcat-Ajp-lfi.py", line 16, in unpack
return struct.unpack(fmt, buf)
struct.error: unpack requires a string argument of length 5
Traceback (most recent call last):
File "test.py", line 295, in
t = Tomcat(args.target, args.port)
File "test.py", line 261, in init
self.socket.connect((target_host, target_port))
File "/usr/lib64/python2.7/socket.py", line 224, in meth
return getattr(self._sock,name)(*args)
socket.error: [Errno 111] Connection refused