SuperHacker-liuan/cve-2017-10271-poc

CVE-2017-10271 POC

Introduction

This is an automated test PoC for CVE-2017-10271. It has been tested on CentOS 7 and Windows 7/10.

Building

This project is written in Rust. Install the Rust toolchain from https://www.rust-lang.org/ first, then build the project with the following command.

$ cargo build --release

The binary is then available at target/release/cve-2017-10271-poc.

Usage

Show help message

Run the program directly to print the help message:

$ cve-2017-10271-poc

Test one site

Suppose you have a site http://www.test.com/ that is vulnerable to CVE-2017-10271 at http://www.test.com/wls-wsat/CoordinatorPortType or http://www.test.com/wls-wsat/CoordinatorPortType11.

You can test such a site by running

$ cve-2017-10271-poc http://www.test.com

If the site is vulnerable, the PoC will tell you which URL is vulnerable. Otherwise it will report 'Not Vulnerable'.

Test many sites

To test many sites, append each additional site as arg2, arg3, etc. For example, the following command tests three sites.

$ cve-2017-10271-poc http://www.test.com http://www.test.org http://www.test.net
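
For defenders, the two endpoint paths named under "Test one site" are what to look for in web access logs. The following is an added example, not code from this project: it flags requests to those paths in combined-format log lines. The sample lines, IP addresses and the names check_line, scan and Hit are constructed for illustration.

```rust
// Added example, not part of the project: flag access-log requests to the
// two wls-wsat endpoint paths named in this README (compared in lowercase).
const ENDPOINTS: [&str; 2] = ["/wls-wsat/coordinatorporttype", "/wls-wsat/coordinatorporttype11"];

#[derive(Debug)]
struct Hit { client: String, method: String, path: String, status: u16 }

/// Parse one combined-log-format line; return a Hit if it targets an endpoint.
fn check_line(line: &str) -> Option<Hit> {
    let client = line.split_whitespace().next()?.to_string();
    // First double-quoted field is the request line: METHOD path HTTP/x.y
    let mut fields = line.split('"');
    let request = fields.nth(1)?;
    // The text right after the closing quote starts with the status code.
    let status: u16 = fields.next()?.split_whitespace().next()?.parse().ok()?;
    let mut parts = request.split_whitespace();
    let method = parts.next()?.to_string();
    let raw = parts.next()?;
    // Normalise: drop query/params/fragment, collapse repeated and trailing
    // slashes, lowercase. Percent-encoded paths are not decoded here.
    let no_query = raw.split(|c: char| c == '?' || c == ';' || c == '#').next()?;
    let segs: Vec<&str> = no_query.split('/').filter(|s| !s.is_empty()).collect();
    let norm = format!("/{}", segs.join("/")).to_lowercase();
    if ENDPOINTS.iter().any(|e| *e == norm) {
        Some(Hit { client, method, path: raw.to_string(), status })
    } else {
        None
    }
}

/// Scan a whole log and collect every matching request.
fn scan(log: &str) -> Vec<Hit> {
    log.lines().filter_map(check_line).collect()
}

// Constructed sample lines (documentation IP ranges), not real traffic.
const SAMPLE: &str = r#"198.51.100.7 - - [10/Jan/2018:03:12:44 +0000] "POST /wls-wsat/CoordinatorPortType HTTP/1.1" 500 1024 "-" "-"
203.0.113.9 - - [10/Jan/2018:03:13:02 +0000] "GET /index.html HTTP/1.1" 200 512 "-" "-"
198.51.100.7 - - [10/Jan/2018:03:13:05 +0000] "POST //wls-wsat/coordinatorporttype11?x=1 HTTP/1.1" 404 0 "-" "-"
203.0.113.9 - - [10/Jan/2018:03:14:00 +0000] "GET /wls-wsat/other HTTP/1.1" 404 0 "-" "-""#;

fn main() {
    for h in scan(SAMPLE) {
        println!("{} {} {} -> HTTP {}", h.client, h.method, h.path, h.status);
    }
}
```

Any hit from an unexpected client is worth reviewing together with the response status and the server's patch level.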

Donate to the developer

If you are willing to help the developer, please donate Bitcoin Cash to the address BITCOINCASH:QPZNZ089TQKAVWF6XM6SD8KPGM59FF5H6CKV0585EP.

Pull requests are also welcome.

CVE-2017-10271 POC

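Introduction

This is an automated testing tool for the CVE-2017-10271 vulnerability. It has been confirmed to run on CentOS 7 and Windows 7 / 10.

Building

This program is implemented in Rust. First install the Rust build environment from https://www.rust-lang.org/, then enter the source directory and run the following command to get the binary at target/release/cve-2017-10271-poc.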

$ cargo build --release

Usage

Show help message

Run the command without arguments to view the help message, as follows:

$ cve-2017-10271-poc

Test one site

Suppose there is a site http://www.test.com/ that has the CVE-2017-10271 vulnerability at http://www.test.com/wls-wsat/CoordinatorPortType or http://www.test.com/wls-wsat/CoordinatorPortType11. You can test this site by running the following command.

$ cve-2017-10271-poc http://www.test.com

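If the site is vulnerable, the program will report Vulnerable; otherwise it will report Not Vulnerable.

Test many sites

If you need to test several sites at once, append the sites as additional arguments. For example, the following command tests 3 sites at once.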

$ cve-2017-10271-poc http://www.test.com http://www.test.org http://www.test.net

Donate to the developer

If you are willing, you are welcome to donate Bitcoin Cash to the developer at the address BITCOINCASH:QPZNZ089TQKAVWF6XM6SD8KPGM59FF5H6CKV0585EP

Pull requests are also welcome.